Transfer Archives

Tech Optimizer

June 23, 2026

Active Exploitation of Critical CVE-2026-20253 in Splunk Enterprise: Unauthenticated RCE via PostgreSQL Sidecar Service

A critical security vulnerability, SVD-2026-0603 (CVE-2026-20253), has been identified in Splunk Enterprise versions 10.0.0 through 10.0.6 and 10.2.0 through 10.2.3. This flaw allows unauthenticated, remote attackers to create or truncate arbitrary files on the host system by exploiting the PostgreSQL Sidecar Service endpoints. The vulnerability is actively exploited, with public proof-of-concept code available, and has been added to the CISA Known Exploited Vulnerabilities (KEV) list. Successful exploitation can lead to full remote code execution (RCE) as the Splunk user. The vulnerability arises from inadequate authentication controls on the PostgreSQL Sidecar Service endpoints, specifically /v1/postgres/recovery/backup and /v1/postgres/recovery/restore, which are accessible without authentication. It is classified under CWE-306: Missing Authentication for Critical Function and has a CVSS v3.1 base score of 9.8 (Critical). Attackers can exploit the vulnerability by sending crafted HTTP POST requests to the exposed endpoints, allowing them to create or truncate files and potentially execute malicious scripts. Indicators of compromise include unexpected files in directories such as /tmp/ or /opt/splunk/var/run/supervisor/pkg-run/, modified Splunk Python scripts, and unusual outbound connections from Splunk to unknown PostgreSQL servers. The vulnerability aligns with several MITRE ATT&CK techniques, including T1190 (Exploit Public-Facing Application) and T1059 (Command and Scripting Interpreter). Active exploitation of CVE-2026-20253 has been confirmed, and it is likely that both opportunistic cybercriminals and sophisticated threat actors will use this exploit. The affected versions of Splunk Enterprise are 10.2.0 through 10.2.3 and 10.0.0 through 10.0.6, with the issue resolved in versions 10.2.4 and 10.0.7. Organizations are advised to upgrade to fixed versions or disable the PostgreSQL Sidecar Service as a mitigation strategy.

AppWizard

June 20, 2026

Google Messages Just Solved The Biggest Problem With Smart Replies

Google Messages has introduced a "Tap to draft" option within its Smart Replies feature, allowing users to review and edit suggested responses before sending them. This feature is part of app version 2026052200RC00 and can be enabled by updating to the latest version and adjusting settings in the app. Smart Replies use AI to generate quick response suggestions based on user interactions, while ensuring that no message content or data is transmitted to Google, thus maintaining user privacy.

Tech Optimizer

June 20, 2026

PostgreSQL 18 on Amazon Aurora and Amazon RDS: Security, monitoring, and developer enhancements

PostgreSQL version 18 has deprecated MD5 password authentication in favor of SCRAM-SHA-256, with a new parameter, md5_password_warnings, enabled by default to log deprecation warnings. It has enhanced monitoring capabilities by adding columns to pg_stat_database and pg_stat_statements to track parallel worker activity, with the default max_parallel_workers_per_gather set to 0 in Aurora PostgreSQL. The pg_stat_subscription_stats view now includes new columns for tracking conflict types in logical replication. Optimizer statistics are automatically transferred during upgrades, while uuidv7() generates timestamp-ordered UUIDs. The default streaming option for CREATE SUBSCRIPTION has changed to parallel, and the idle_replication_slot_timeout parameter automatically invalidates inactive replication slots. Enhancements to the COPY command include REJECT_LIMIT for error tolerance and a silent LOG_VERBOSITY level. OLD and NEW aliases have been introduced in RETURNING clauses for various DML commands.

TrendTechie

June 20, 2026

Выпуск qBittorrent 5.2.2

On May 15, 2026, qBittorrent version 5.2.2 was released. It is an open-source torrent client developed using the Qt toolkit, with source code available on GitHub under the GPLv2+ license. The software supports Linux, Windows, and macOS. The project started with version 4.0 in November 2017, followed by versions 5.0 in September 2024 and 5.1 in April 2025. The 5.2.2 update focuses on bug fixes and stability improvements, including D-Bus utilization for file display, header mismatch correction in Safari, magnet link sending issue fix, correct string identifier implementation for RSS Downloader, 64-bit binary installation on ARM64 systems, prevention of SSRF attacks, and mitigation of proxy interference in multi-threaded processing. Key features include an integrated search engine, RSS feed subscription, support for BEP extensions, remote management, sequential downloading, advanced torrent settings, bandwidth scheduling, IP filtering, torrent creation interface, and UPnP/NAT-PMP support.

Tech Optimizer

June 18, 2026

Retro gaming fans are the new target for fake GitHub malware

Retro gaming enthusiasts should be cautious when exploring GitHub projects for tools or plugins, as cybercriminals may disguise malware as homebrew software. A specific incident involved a project called EQVita, which pretended to be a free audio tool for PlayStation Vita but actually contained Windows malware. The downloaded file included three files: Launch.bat, luajit.exe, and x64.txt, with the latter concealing a hidden script that connected to the attacker's server upon execution. This scam is part of a broader trend where counterfeit GitHub repositories distribute SmartLoader malware, which retrieves additional malicious software aimed at stealing passwords and cryptocurrency wallets. The PS Vita community, despite the console's production ceasing, remains active in modding, making it a target for attackers. Legitimate plugins typically come in Vita-compatible formats, while fake ones may feature polished marketing materials and AI-generated descriptions. Users are advised to verify sources, be cautious of suspicious downloads, and utilize security tools like Malwarebytes. If someone has executed the malicious EQVitav1.3.zip file, they should conduct a malware scan, change important passwords, and monitor accounts for unauthorized access. Indicators of compromise include the domains https://github.com/Voistace/EQVita and https://voistace.github.io, and the IP address 85.137.52.21.

Tech Optimizer

June 18, 2026

SQL Server may be too lucrative for Microsoft to ditch, but too legacy to love

Microsoft's Build event highlighted its new AI agent, Scout, while SQL Server received limited attention, raising concerns about its future following Rohan Kumar's departure. Arun Ulag now oversees SQL Server, but analysts note a shift in priorities with SQL Server seemingly less emphasized. The 2022 SQL Server release was viewed as more of a marketing effort than a response to customer needs. Despite the introduction of vector search in SQL Server 2025, competitors had already offered similar features. Microsoft is shifting towards open-source solutions and PostgreSQL, although it reassured users of its commitment to SQL Server. SQL Server, launched in 1989, remains popular, ranking behind Oracle and MySQL. The on-premises database market is lucrative, generating significant revenue, and SQL Server holds a substantial share. Microsoft is unlikely to abandon this profitable segment, aiming to transition users to Azure SQL and SQL database within Fabric. However, migration compatibility issues may arise. Microsoft is also investing in PostgreSQL offerings to compete in the cloud database market, which is evolving rapidly. AWS currently leads in cloud DBMS revenue, posing a challenge for Microsoft. Despite uncertainties, support for SQL Server 2025 is guaranteed until 2036.

AppWizard

June 18, 2026

Rockstar Will Offer Free GTA 5 Upgrades From Older Console And PC Versions

Beginning June 18, players who own Grand Theft Auto V on PS4 or the digital edition for Xbox One can upgrade to the enhanced versions on PS5 or Xbox Series X/S for free. This upgrade includes significant visual enhancements and performance improvements, along with the ability to transfer save data and online progress. PC gamers can also upgrade to the Enhanced edition, which features exclusive enhancements like ray-traced ambient occlusion and global illumination. Rockstar previously discontinued GTA Online on PS3 and Xbox 360 in 2021, leading to speculation about similar support for PS4 and Xbox One. Fans are also anticipating information about Grand Theft Auto VI, with a current release date of November 19 and increased marketing efforts expected this summer.

AppWizard

June 18, 2026

Xbox is porting two classic Call of Duty games to PlayStation — and they’re coming very, very soon

Treyarch announced that Call of Duty: Black Ops (2010) and Call of Duty: Black Ops 2 (2012) will be ported to PlayStation platforms, likely for PS4 and PS5, starting in July. Iron Galaxy Studios will handle the modernization of these titles. The games have been available on Xbox One and Xbox Series X|S since 2016 through Microsoft's Backwards Compatibility Program. There are uncertainties about whether existing PS3 owners will access the new versions for free or transfer their progress. The new ports are expected to integrate with the existing server network. Xbox and PC players have expressed frustration over issues with Black Ops and Black Ops 2 on Xbox, including a locked 720p resolution and hacking problems, as well as the absence of these titles on Xbox Game Pass.

AppWizard

June 17, 2026

An obscure new game-breaking Destiny bug lets you one-hit bosses, and I don’t think Bungie’s gonna let this one slide

Bungie has allowed a notable bug to persist in Destiny 2, encouraging players to engage with it until it is addressed next week. Following the conclusion of the game's live service, Bungie introduced new features, including catalysts for every Exotic weapon and various broken perk combinations. This has led to a return to the chaotic 'Craftening' era, where players can transfer perks between weapons. Current bugs allow players to equip multiple instances of the same artifact perk and create powerful builds, enabling them to tackle raids and dungeons more easily, including soloing difficult encounters.

Winsage

June 16, 2026

Windows 11 KB5094126 BSODing, freezing, forcing BitLocker lockout, breaks OneDrive, and more

Microsoft rolled out Patch Tuesday updates for Windows 11, specifically KB5094126 and KB5093998, along with dynamic updates KB5094149, KB5095971, and KB5094156. Users have reported various issues post-update, including access difficulties with OneDrive and Dropbox, BitLocker recovery lockouts, and blue screens of death (BSOD), particularly the 0xc0430001 error on HP systems. This error may be linked to a previous bug affecting HP devices related to Secure Boot certificate updates. Users experiencing this error are advised to verify the presence of the boot.stl file on their installation media, as it is essential for Secure Boot. Microsoft recommends using the Update WinPE script to ensure the boot.stl file is included or manually transferring it from the WindowsBootEFI directory. Additionally, some Lenovo PC users have reported system freezes after the update. One user identified a conflict between KB5094126 and User Account Control (UAC) that affects OneDrive and Dropbox access in Explorer, noting that enabling UAC resolves the issue.