telemetry Archives

Tech Optimizer

May 23, 2026

CVE-2026-9082: Critical Drupal Core SQLi Flaw

Drupal has issued critical security updates for a vulnerability in Drupal Core, identified as CVE-2026-9082, which affects sites using PostgreSQL databases. This flaw allows anonymous attackers to exploit the system through arbitrary SQL injection, posing risks such as sensitive information disclosure, privilege escalation, and remote code execution. The vulnerability is rated 20 out of 25 by Drupal and 6.5 out of 10 by CVE.org. It specifically impacts the database abstraction API, which fails to properly sanitize queries. The fixed versions include 11.3.10, 11.2.12, 11.1.10, 10.6.9, 10.5.10, and 10.4.10, with best-effort patches available for unsupported versions 9.5 and 8.9. Organizations are advised to inventory their Drupal installations, verify PostgreSQL usage, and prioritize patching for public-facing sites.

AppWizard

May 21, 2026

Binance’s Android app privacy fight is back in the spotlight

Binance is facing scrutiny regarding the data collection practices of its Android app, which some users believe functions more as a data collection tool than a trading platform. Concerns have been raised about the app's extensive permissions and tracking capabilities, with a report indicating the presence of numerous tracking components, including SDKs from TikTok and WeChat, and over 50 system permissions. Binance's privacy portal states that data is collected for account management, security, marketing, fraud prevention, and legal compliance. Despite this, there are questions about whether the data collection practices are proportionate to the app's intended functions. Binance has a history of legal issues, including a guilty plea in November 2023 that resulted in a .32 billion penalty for anti-money laundering violations. The exchange claims to tailor its privacy framework to regional regulations, but user concerns about the app's tracking capabilities persist. As of early 2026, Binance has over 300 million registered users, making any privacy-related disputes potentially impactful. The ongoing scrutiny may lead to gradual adjustments in Binance's practices rather than a complete overhaul.

Winsage

May 19, 2026

Your SSD has built-in maintenance tools that Windows keeps hidden from you

Modern SSDs are highly reliable and require minimal maintenance. Windows includes tools for SSD health management, such as the TRIM command, which helps optimize performance by allowing the SSD to clean unnecessary data blocks. Users can check if TRIM is active using the Command Prompt. The "Optimize Drives" utility schedules SSD optimization routines and sends ReTrim commands. S.M.A.R.T. technology monitors SSD health, but the information is not easily accessible. Third-party tools like CrystalDiskInfo offer more detailed insights. Windows' Storage Sense feature helps manage storage on smaller SSDs by cleaning temporary files and freeing up space. The write caching policy in Device Manager enhances SSD performance, and users can adjust settings in the BIOS for optimization. Windows reserves SSD space for virtual memory and hibernation, which can be managed to reclaim storage. Overall, Windows provides built-in features to help maintain SSD performance and longevity.

Winsage

May 17, 2026

Switcher 2026: Privacy, Security, and What Really Matters ⭐

Windows 11 offers potential for users seeking to minimize Microsoft's influence and restore a sense of nostalgia for earlier versions. Tools like Tiny11 Builder and Win11Debloat can facilitate significant modifications to Windows 11 installations. The video by "The Internet Privacy Guy" suggests that the only safe way to use Windows 11 is by eliminating the Microsoft account (MSA), which raises concerns about conflating privacy with security. Signing in with an MSA is actually the most secure method for using Windows 11, despite privacy implications such as telemetry collection. Users can opt for local accounts, but this requires diligence in securing their PCs, as local accounts can expose personal data without proper encryption. Users can also configure Windows 11 to resemble earlier versions by removing certain Microsoft services.

Winsage

May 17, 2026

I got tired of hunting through Windows for every setting, so I built my own control center

The utility created simplifies Windows management by consolidating various settings and diagnostics into a single interface. It provides an overview of system metrics such as DNS latency, system uptime, and temporary file accumulation. The application includes dedicated pages for health checks, network insights, services, scheduled tasks, drives, drivers, power plans, gaming toggles, privacy settings, and taskbar configuration. Each diagnostic is executed through PowerShell scripts, with results displayed in a user-friendly format. The utility maintains transparency by creating .reg backups before modifying the registry and allows users to revert changes easily. It is open-source, lightweight, and designed for personal use rather than debloating. The program's structure enables users to inspect and modify scripts, ensuring clarity and control over system adjustments.

Winsage

May 16, 2026

I got tired of hunting through Windows for every setting, so I built my own control center

The utility developed streamlines access to Windows diagnostics and tweaks, consolidating functionalities typically spread across various settings panels into a single interface. It features an overview page with key system metrics and organized sections for health checks, network details, services, scheduled tasks, drives, drivers, power plans, gaming settings, privacy options, and taskbar adjustments. Each diagnostic is executed via PowerShell scripts that output JSON data for display. The application ensures transparency in registry changes by creating .reg backups before modifications and allows users to revert changes easily. It focuses on practical tweaks rather than debloating, maintaining a lightweight design without extensive features. The tool is open source and available on GitHub.

Tech Optimizer

May 13, 2026

Nine Enterprise Security Solutions Certified in AV-Comparatives 2026 EDR Detection Validation Test

AV-Comparatives conducted the 2026 EDR Detection Validation Test, certifying nine enterprise solutions for their detection capabilities. The certified products include Bitdefender GravityZone Business Security Enterprise, ESET PROTECT Elite, Fortinet FortiEDR, G DATA 365 | MXDR, Genian Insight E, Kaspersky EDR Expert (on-premises), ManageEngine Endpoint Central with EDR, Palo Alto Networks Cortex XDR Pro, and Sangfor Athena AI-Native EPP. The evaluation focused on the effectiveness, consistency, and usability of detection capabilities, providing a clear overview of each product's performance in a realistic 14-stage Advanced Persistent Threat scenario. The assessment ensured that results were not influenced by prevention mechanisms and highlighted the role of AI in improving detection result readability and SOC efficiency.

Winsage

May 11, 2026

Why Windows 11 users are switching to Fluent Cleaner, the sleek CCleaner alternative that actually feels native

Fluent Cleaner is a maintenance and cleanup tool for Windows 11 available as a self-contained Zip file from its official GitHub page. Users can download and extract the FluentCleaner-win-x64.zip file, then launch the application by double-clicking FCleaner.exe. The interface is modern and utilizes the WinUI framework, allowing users to analyze and optimize various components of the system. Fluent Cleaner uses the Winapp2.ini database for cleaning routines, with options to switch to Winapp3 or Winappx databases for more aggressive cleaning or bloatware removal. Users can also add custom databases using ".ini" files. The tool supports extensions, enabling integration with additional scripts and tools. To perform a cleanup, users click "Analyze" to scan for junk files, with Fluent Cleaner identifying 19.43GB of junk files in testing, which is more than the 15.9GB detected by Windows 11's built-in tool. After reviewing the analysis, users can click "Run Cleaner" to execute the cleanup.

Winsage

May 11, 2026

New GhostLock tool abuses Windows API to block file access

A security researcher has developed a proof-of-concept tool called GhostLock, which exploits a vulnerability in the Windows file API, specifically the 'CreateFileW' function. By manipulating the 'dwShareMode' parameter to grant exclusive access to files, GhostLock can prevent other users or applications from opening those files, resulting in a 'STATUSSHARINGVIOLATION' error. The tool automates the process of opening multiple files on SMB shares, causing access disruptions without requiring elevated privileges. This technique is intended as a disruption attack rather than a destructive one, similar to ransomware, and can serve as a diversion during intrusions. Detection of this attack relies on monitoring the open-file count with ShareAccess set to 0 at the file server layer. Dvash has provided resources for IT teams to enhance detection capabilities against this threat.

AppWizard

May 11, 2026

New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps

Modern Android banking malware is evolving with architectural enhancements for increased stealth, resilience, and operational flexibility. In early 2026, a new variant of the TrickMo Android banking trojan was identified, actively targeting banking and wallet users in France, Italy, and Austria. This variant has replaced its predecessor in ongoing campaigns and has transitioned its command-and-control traffic to The Open Network (TON). Key features of the new TrickMo variant include: - The primary command-and-control channel now operates over TON, utilizing .adnl endpoints through an embedded local TON proxy. - It employs a runtime-loaded APK (dex.module) with enhanced functionalities, including reconnaissance, SSH tunneling, and SOCKS5 proxying, allowing infected devices to act as network pivots. - TrickMo is classified as Device Take Over (DTO) malware, targeting banking, fintech, wallet, and authenticator applications on Android devices. - Operators gain control over infected devices through accessibility-service permissions, enabling capabilities such as credential phishing, keylogging, screen recording, remote control, and SMS interception. The new variant features a modular architecture with a host APK functioning as a launcher and persistence layer, while offensive capabilities are delivered through the dynamically loaded dex.module. Significant enhancements include network reconnaissance commands (curl, dnslookup, ping, telnet, traceroute) and socket-level tunneling via an embedded SSH client. Indicators of compromise include specific SHA-256 hashes and package names associated with TrickMo dropper applications and host applications. The malware retains unused permissions for NFC capabilities, suggesting a strategic approach to device filtering.