system services Archives

Tech Optimizer

June 23, 2026

Active Exploitation of Critical CVE-2026-20253 in Splunk Enterprise: Unauthenticated RCE via PostgreSQL Sidecar Service

A critical security vulnerability, SVD-2026-0603 (CVE-2026-20253), has been identified in Splunk Enterprise versions 10.0.0 through 10.0.6 and 10.2.0 through 10.2.3. This flaw allows unauthenticated, remote attackers to create or truncate arbitrary files on the host system by exploiting the PostgreSQL Sidecar Service endpoints. The vulnerability is actively exploited, with public proof-of-concept code available, and has been added to the CISA Known Exploited Vulnerabilities (KEV) list. Successful exploitation can lead to full remote code execution (RCE) as the Splunk user. The vulnerability arises from inadequate authentication controls on the PostgreSQL Sidecar Service endpoints, specifically /v1/postgres/recovery/backup and /v1/postgres/recovery/restore, which are accessible without authentication. It is classified under CWE-306: Missing Authentication for Critical Function and has a CVSS v3.1 base score of 9.8 (Critical). Attackers can exploit the vulnerability by sending crafted HTTP POST requests to the exposed endpoints, allowing them to create or truncate files and potentially execute malicious scripts. Indicators of compromise include unexpected files in directories such as /tmp/ or /opt/splunk/var/run/supervisor/pkg-run/, modified Splunk Python scripts, and unusual outbound connections from Splunk to unknown PostgreSQL servers. The vulnerability aligns with several MITRE ATT&CK techniques, including T1190 (Exploit Public-Facing Application) and T1059 (Command and Scripting Interpreter). Active exploitation of CVE-2026-20253 has been confirmed, and it is likely that both opportunistic cybercriminals and sophisticated threat actors will use this exploit. The affected versions of Splunk Enterprise are 10.2.0 through 10.2.3 and 10.0.0 through 10.0.6, with the issue resolved in versions 10.2.4 and 10.0.7. Organizations are advised to upgrade to fixed versions or disable the PostgreSQL Sidecar Service as a mitigation strategy.

AppWizard

June 17, 2026

Google Might Have Finally Fixed Android Auto’s Worst Connection Issue

Issues with Android Auto related to device connections have been prevalent, particularly for Samsung Galaxy S26 series and Google Pixel devices, due to software glitches. Google released Play Services version v26.15 in April to address these problems, but it did not fully resolve them. The latest update, Google Play Services v26.22, began rolling out on June 8 and includes bug fixes for device connection issues. The changelog notes '[Auto] Bug fixes for Device Connections related services.' Users can check for this version in the Settings app under Google > All services > System Services. Version 26.23, which is also rolling out, includes performance enhancements and bug fixes for system management and diagnostics. Additionally, Android Auto has undergone a significant update in 2026, introducing support for Adobe Acrobat PDF Reader and four new features, including expanded widget support.

AppWizard

April 4, 2026

Pixel users report Now Playing app is finally working as it should

The Pixel's “Now Playing” feature has become a standalone app following the March Pixel Drop, improving music discovery and allowing users to manage their song history. Users reported issues such as the missing “Tap to see what’s playing” feature on the lock screen and syncing problems with Now Playing history. Google has issued an update to address these glitches, and some users have confirmed the return of the lock screen feature, although not all have benefited from the update. Google provided a troubleshooting guide for users facing difficulties, including steps to enable necessary services, ensure song identification, and restore missing song history. The app requires a full 24 hours to set up correctly, and many issues are linked to the March software update.

Winsage

April 2, 2026

Don’t blame Windows 11 updates for every problem, Microsoft veteran says

Corporate clients often report to Microsoft that Windows updates disrupt their systems, particularly after Patch Tuesday. A 2026 report from Omnissa indicates that Windows environments experience more application crashes and forced shutdowns than macOS. However, Raymond Chen, a Windows expert, suggests that many systems are already compromised before updates are installed. Engineers at Microsoft frequently find that issues persist even after rolling back updates, and similar failures can occur on machines that haven't received the update yet. The actual triggers for system failures often stem from changes made by IT departments prior to updates, such as new drivers or configuration modifications. These changes may not show immediate issues until a reboot occurs during Patch Tuesday, revealing existing instability. Best practices for IT admins include controlled change management, validating drivers and policies before deployment, using staged rollouts, rebooting after major changes, and maintaining logging and monitoring systems. Microsoft conducts extensive testing of updates to ensure system security and stability, and delaying updates can increase risks.

AppWizard

March 31, 2026

Google Rolls Out Developer Verification for Android Sideloaded Apps

Google introduced developer verification features for the Android Developer Console and Google Play Console on March 30, 2026, to enhance security against malware from sideloaded applications. Sideloaded apps are known to contain over 90 times more malware than those on the Google Play Store. Developers can establish accounts on the Android Developer Console for verification, and existing apps on the Google Play Console will be automatically recognized as verified if they meet the new requirements. The Android developer verification tool will be integrated into Android Studio within two months. The rollout will occur in phases: - April 2026: Introduction of the “Android Developer Verifier” tool. - June 2026: Early access to “Limited Distribution Accounts” for hobbyist developers and students. - August 2026: Global rollout of “Limited Distribution Accounts” and launch of an “Advanced Flow” for installing unverified sideloaded apps. - September 30, 2026: Mandatory registration for apps installed or updated on certified Android devices in select countries, with unregistered apps installable only via ADB or the Advanced Flow. - 2027 and beyond: Global expansion of verification requirements.

AppWizard

March 30, 2026

New ‘Android Developer Verifier’ app coming to phones as Google shares verification timeline

Google has launched the Android developer verification process, available to all developers through the Play Console and the new Android Developer Console for app distribution outside the Play Store. Key dates in the rollout include: - April 2026: The Android Developer Verifier will appear in users' Google Systems services settings. - June 2026: Early access for limited distribution accounts for students and hobbyists, allowing app sharing across up to 20 devices without a government ID. - August 2026: Global launch of limited distribution accounts and advanced flow for power users. - September 30, 2026: Requirement in Brazil, Indonesia, Singapore, and Thailand for apps to be registered by verified developers for installation and updates on certified Android devices, with users still able to sideload unregistered apps. - 2027 and beyond: Global rollout of the verification requirement, with specific dates to be announced. The Android Developer Verifier will use Play services to ensure all Android versions benefit from the verification process, and users will see it installed on their devices by April.

AppWizard

March 30, 2026

Google’s New Android Developer Verifier Service is Here for Your…

Google has begun rolling out its Android developer verification system, requiring developers who distribute apps outside the Google Play Store to register and verify their identities. This affects primarily those using alternative distribution channels. A new Android Developer Verifier app will be integrated into Google System services settings starting in April 2026 to verify app associations with registered developers. The verification checks are expected to occur during the installation of sideloaded apps, with warnings for unverified developers. The rollout timeline includes: - April 2026: Android Developer Verifier available in Google System services settings. - June 2026: Early access for limited distribution accounts for students and hobbyists. - August 2026: Global launch of limited distribution accounts and advanced flow for power users. - September 30, 2026: Apps must be registered by verified developers to be installed on certified Android devices in Brazil, Indonesia, Singapore, and Thailand; unregistered apps can still be sideloaded using ADB or the advanced flow. - 2027 and beyond: Global rollout of the requirement.

BetaBeacon

March 18, 2026

Google’s March system update adds Wi-Fi sharing and free game trials for Android

- Play Services version 26.10 introduces Wi-Fi Sync, which automatically shares known networks between devices - Play Store version 50.6 offers free trials for select premium games before purchase - Wear OS devices now display animated placeholders while Play Store pages load - Google has made it easier to update systems on Pixel devices with a new mechanism in Settings

Winsage

March 6, 2026

Chinese hackers hide malware in Windows and Google Drive to hit targets

Chinese state-sponsored threat actors, specifically a group known as Silver Dragon, have been conducting espionage operations across Southeast Asia and Europe since at least mid-2024. They have targeted government entities in countries such as Russia, Poland, Hungary, Italy, Japan, Myanmar, and Malaysia. Silver Dragon is believed to be affiliated with APT41 and primarily uses phishing emails to initiate attacks, often containing weaponized documents or links. They employ a custom backdoor called GearDoor, which utilizes Google Drive for command-and-control operations, allowing them to exfiltrate stolen intelligence. The group also hijacks legitimate Windows services to load malicious code and uses tools like SSHcmd and Cobalt Strike for post-exploitation activities. Their tactics involve blending malicious activities with normal system operations, making detection difficult and increasing their dwell time within targeted networks.

BetaBeacon

February 18, 2026

Google’s Game-Changing Feature Is Rolling Out to These Android Devices

- Google is rolling out an update for Quick Share on Pixel 9, but not all users will immediately see it. - Users may need to manually install the Quick Share extension from settings. - Quick Share on Pixel can transfer files and media from iPhones using AirDrop. - Google has not specified which non-Pixel devices will support the new Quick Share. - The EU's Digital Markets Act is pushing for broader file-sharing interoperability among major tech companies.