spoofing Archives

Winsage

June 13, 2026

Windows Server 2025 Adds DNS Over HTTPS for Secure DNS Traffic

Microsoft has rolled out support for DNS over HTTPS (DoH) in Windows DNS Server as part of the Windows Server 2025 update. This feature enhances the security of DNS communications through encryption and server authentication, allowing encrypted client-to-resolver traffic in on-premises DNS environments. DoH encrypts DNS queries and responses using HTTPS, protecting sensitive information from interception or alteration. It also uses digital certificates for DNS server authentication to reduce spoofing and impersonation risks. The feature is compatible with existing Windows DNS Server configurations and supports both encrypted and traditional DNS. DoH support is available on Windows Server 2025 with the June 9, 2026 update or newer. Administrators must configure a trusted TLS certificate and enable DoH in the DNS Server service to deploy this feature. Microsoft plans to extend encryption capabilities to include communication between the Windows DNS Server and upstream DNS resolvers in the future.

Winsage

June 11, 2026

Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs

Microsoft announced an update addressing 206 security vulnerabilities, including 39 classified as Critical and 167 as Important. The vulnerabilities include 63 privilege escalation, 56 remote code execution, 30 information disclosure, 27 spoofing, 20 security feature bypass, 7 denial-of-service, and 3 tampering vulnerabilities. Notable critical flaws include CVE-2026-45657 (use-after-free in Windows Kernel, CVSS score 9.8), CVE-2026-47291 (integer overflow in Windows HTTP.sys, CVSS score 9.8), and CVE-2026-44815 (stack-based buffer overflow in Windows DHCP Client, CVSS score 9.8). Microsoft also addressed vulnerabilities related to BitLocker bypass (CVE-2026-45585 and CVE-2026-50507) and introduced a new registry setting to mitigate risks associated with CVE-2026-49160 (denial-of-service vulnerability). The increase in patches is attributed to the use of artificial intelligence in vulnerability discovery, with the current year's reported vulnerabilities surpassing the total from all of 2018.

Winsage

June 11, 2026

Windows 11 Sucks Slightly Less Now, Thanks To A June Update

The June update for Windows 11, identified as KB5094126 (OS Builds 26200.8655 and 26100.8655), introduces significant enhancements and numerous bug fixes and security patches. A key feature is a low-latency profile that improves responsiveness of core system elements like the Start Menu and Search by allowing the CPU to quickly reach maximum clock speed upon user interaction. This update also refines the Start Menu, improves app launch speeds, and addresses longstanding issues such as faster downloads from the Windows Store and optimized Windows Search results. New features include multi-app camera support, Shared Audio functionality for streaming to multiple Bluetooth devices, and the ability to personalize user folder names during installation. Additionally, the update resolves 206 security vulnerabilities, including a critical kernel-level remote code execution vulnerability (CVE-2026-45657) with a threat score of 9.8.

AppWizard

June 5, 2026

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

A vulnerability in several Microsoft 365 Android applications, identified as FlagLeft, was caused by a development flag left enabled in production builds, which disabled checks meant to restrict account-token sharing to trusted applications. This flaw affected applications such as Word, PowerPoint, Excel, Microsoft 365 Copilot, Microsoft Loop, and OneNote, allowing unauthorized apps to request and obtain user tokens without permission. Microsoft Teams was unaffected. The vulnerability was demonstrated by Enclave, allowing access to user emails through an unverified app. On May 12, Microsoft issued four CVEs for the affected applications, categorized under improper access control. The patched version of Word for Android is 16.0.19822.20190, and users are advised to update their applications. The patch does not invalidate already compromised tokens, so users should revoke these tokens and sign in again.

Winsage

June 3, 2026

Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes

Cybersecurity researchers have identified an unpatched vulnerability that could expose NTLMv2 hashes to attackers, linked to the "search:" URI handler. This issue is similar to CVE-2026-33829, which involved a spoofing vulnerability in the Windows Snipping Tool's ms-screensketch: URI handler. The flaw allows attackers to trick users into connecting to their SMB servers, disclosing NTLMv2 hashes for authentication exploitation. The new vulnerability operates using "search:" and "crumb=location:" parameters, resulting in a similar Net-NTLMv2 leak. Microsoft has chosen not to address this issue, stating only vulnerabilities classified as Important or Critical would be fixed. Recommendations to mitigate risks include blocking outbound SMB traffic, enforcing SMB signing, and disabling NTLM authentication where possible.

Winsage

June 2, 2026

Windows platform security for AI agents

AI agents have evolved from simple question-answering systems to autonomous entities that can perform actions across various platforms. This shift raises concerns about control and trust, necessitating a change in security paradigms. Developers are now required to integrate security into the architecture of their platforms to maintain trust in agent deployment. Microsoft has expanded Agent 365 to manage local agents on Windows, introducing policy-based controls to govern agent actions. The Microsoft Execution Containers (MXC) SDK provides a policy-driven execution layer for agents, allowing developers to define constraints and ensuring consistent enforcement at runtime. Windows supports various containment options, including process and session isolation, to mitigate risks associated with agent behavior. Micro-VMs and Linux containers are also being integrated into the containment model. Windows 365 for Agents enables agents to operate in a managed cloud environment, limiting potential compromises. Collaborations with industry leaders aim to align containment strategies with developer needs. The security model is built on a foundation designed to minimize risk, incorporating features like passwordless sign-in and real-time protection through Windows Defender. The focus remains on enabling developers to create secure, governable agents for real-world deployment.

Tech Optimizer

May 27, 2026

NordVPN’s New App Acts as an All-in-One Digital Privacy and Security Hub

A virtual private network (VPN) does not protect against fraudulent banking links or harmful files. NordVPN has enhanced its VPN application by integrating antivirus features, evolving into a comprehensive digital privacy and security service. The revamped app is based on three pillars: Connect, Protect, and Monitor, offering tools such as VPN services, scam and phishing protection, and Dark Web Monitor. NordVPN's approach aims to intercept threats early, focusing on deception tactics used in modern scams. The company's next-generation antivirus system uses a dual-layer detection strategy, evaluating URLs in real-time and scanning files for malware. In April, NordVPN blocked 4.8 million threat events, including malware and phishing attempts. The company emphasizes minimal data collection for threat decisions and offers three subscription tiers: Basic, Complete, and Prime, each with a 30-day money-back guarantee. Users are reminded that no app can fully protect against cybersecurity threats, and best practices like strong passwords and multifactor authentication are essential.

Winsage

May 1, 2026

Windows shell spoofing vulnerability puts sensitive data at risk

Erik Avakian, a technical counselor at Info-Tech Research Group, discussed the patching deadlines set by the Cybersecurity and Infrastructure Security Agency (CISA) under Binding Operational Directive (BOD) 22-01, which requires U.S. federal agencies to address vulnerabilities within 14 to 21 days. CISA can expedite patching to as little as three days for high-risk exploits. The vulnerability CVE-2026-32202, rated 4.3 on the Common Vulnerability Scoring System (CVSS), was actively exploited but did not qualify for an urgent patch cycle, resulting in a 14-day deadline. Avakian noted the debate over whether this timeframe is sufficient, suggesting that Microsoft’s rating and other factors influenced the decision not to escalate to an emergency directive requiring a 48 to 72-hour response.

Tech Optimizer

April 24, 2026

Fileless Malware and Email Authentication Gaps

Fileless malware operates stealthily within networks, utilizing legitimate system tools like PowerShell and Windows Management Instrumentation (WMI) to execute malicious code in memory without leaving traces on disk. Traditional antivirus solutions struggle to detect these threats due to their reliance on file signatures. The primary vector for fileless malware is email, where attackers use spoofed messages to trick users into activating malicious scripts. Misconfigurations in Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) records create vulnerabilities that attackers exploit to deliver spoofed emails. Traditional endpoint protection mechanisms are inadequate against fileless attacks, necessitating a shift towards behavioral analysis for detection. Organizations must assess their preparedness by ensuring proper email authentication configurations and enhancing endpoint security capabilities. Integration among security teams and updated employee security awareness programs are also essential. Sendmarc helps organizations mitigate vulnerabilities by providing visibility into SPF, DKIM, and DMARC configurations and enforcing DMARC to block unauthenticated messages.

AppWizard

April 16, 2026

Your Android phone could soon get a better way to sniff out spoofed calls

Google is enhancing the security of incoming calls on Android devices by integrating a "Verified Caller" feature into Google Play Services. This feature aims to combat scam calls that use Do-Not-Originate (DNO) numbers by cross-referencing incoming calls against a database of DNO numbers to flag potential scams. The system will work with existing applications, such as banking apps, to monitor specific DNO numbers. The feature is still in development and its effectiveness will depend on business participation and strict verification processes by Google.