unencrypted Archives

Winsage

June 13, 2026

Windows Server is getting new network safety capabilities with DNS over HTTPS

Microsoft has introduced DNS over HTTPS (DoH) on Windows Server 2025, enhancing network security by encrypting DNS traffic for client-to-server communications. This feature, previously available only in Windows client editions, is now part of Microsoft's Zero Trust architecture. DoH routes DNS traffic through HTTPS secured with TLS certificates, preventing eavesdropping and safeguarding DNS data from tampering. It adheres to the IETF DNS over HTTPS standard (RFC 8484) and can integrate with existing infrastructure, allowing organizations to maintain unencrypted DNS traffic if needed. DoH is available for Windows Server 2025 systems updated to the latest Patch Tuesday release, and Microsoft has provided guidance on enabling this feature. However, DNS traffic exchanged between two DNS servers will not be encrypted by DoH.

AppWizard

June 10, 2026

France’s Government Messaging App Tchap Got Breached

On June 7, 2026, Tchap, the French government's encrypted messaging platform for civil servants, experienced a significant breach detected by ANSSI. The breach resulted from a compromised user account and involved the education shard of Tchap, specifically targeting matrix.agent.education.tchap.gouv.fr. Approximately 650,000 messages, data from over 73,000 accounts, and about 13.5GB of documents and media files were allegedly scraped. The attacker also claimed to have discovered hardcoded LDAP credentials leaked through a PowerShell script shared by a regional director of the French tax authority. DINUM, the French Digital Affairs Directorate, stated that private conversations on Tchap are end-to-end encrypted and that the compromised account has been blocked. They notified CNIL about the potential exposure of personal data and reminded users to avoid sharing sensitive information in public chat rooms. The breach follows a mandate from Prime Minister François Bayrou in August 2025 requiring all civil servants to use Tchap, increasing its attractiveness as a target for cyber threats. The investigation into the breach is ongoing.

Winsage

June 10, 2026

Windows 11 Settings You Should Change in 2026：A 9-Point Speed, Privacy, and Security Checklist

On June 9, 2026, Microsoft released a major security update addressing around 200 vulnerabilities, including three critical zero-day exploits. This update coincides with the expiration of Secure Boot certificates that have been in place since 2011. Users are advised to review their Windows 11 settings to ensure security and optimization during this transition. Key actions include installing the June update, enabling faster delivery of updates, turning on Core Isolation memory integrity, activating Controlled folder access against ransomware, confirming drive encryption, disabling the advertising ID, minimizing diagnostic data, auditing camera and microphone permissions, disabling unnecessary startup applications, enabling Storage Sense, adjusting power mode settings, and tuning visual effects for better performance.

Winsage

June 5, 2026

Microsoft dropped Copilot+ PC branding for Windows 11’s most powerful AI laptop, and nobody complained

In May 2024, Microsoft launched Copilot+ PCs featuring local AI acceleration and Qualcomm's Snapdragon X Elite chips. However, during the introduction of the Surface Laptop Ultra, powered by NVIDIA’s RTX Spark platform, Microsoft did not mention the Copilot+ branding. The Surface Laptop Ultra is described as the most powerful AI-centric Windows laptop, yet it lacks the Copilot+ label, raising questions about the branding strategy. Initially, Copilot+ PCs were marketed as the fastest and most intelligent Windows PCs, requiring specific hardware specifications. The Recall feature, intended as a "photographic memory," faced privacy issues, leading to its retraction and redesign. In 2025, Microsoft integrated Copilot into various Windows applications, resulting in user backlash and a decline in the brand's perception. The Surface Laptop Ultra is confirmed as a Copilot+ PC internally, but Microsoft chose not to use the branding publicly, likely due to NVIDIA's branding interests. Additionally, inconsistencies in hardware requirements for Copilot+ PCs have created confusion among consumers. Microsoft may need to consider a rebranding of Windows as it focuses on local AI development and improving performance.

AppWizard

June 4, 2026

Apple removes Russia’s state-backed messenger from App Store | THE DAILY TRIBUNE

Apple has removed Russia's state-sponsored messaging application, Max, from its global App Store. The Russian government is promoting Max as the primary communication tool, encouraging its adoption while restricting access to Western messaging platforms. The app, developed by VK, is unencrypted and stores user data on Russian servers. Existing users can access previously installed versions, but new users cannot download it, and current users face restrictions on software updates.

TrendTechie

May 23, 2026

Forza Horizon 6 слили за девять дней до релиза

Unencrypted preload files for Forza Horizon 6, totaling approximately 155 GB, have been discovered on Steam. Some players have reportedly launched a version of the game without the day-one patch, but those who went online with the leaked version received permanent hardware bans tied to specific PC components. The official release date for Forza Horizon 6 is May 19, 2026, on PC and Xbox Series X|S, with a PlayStation 5 version expected later in the year. The Premium edition will provide early access starting May 15. The game features over 550 vehicles, including classic Japanese models and exclusive Forza Edition cars.

Winsage

May 20, 2026

Microsoft shares mitigation for YellowKey Windows zero-day

Microsoft has addressed the YellowKey vulnerability, a zero-day flaw in Windows BitLocker identified as CVE-2026-45585. This vulnerability allows unauthorized access to BitLocker-protected drives through a specific exploitation process involving 'FsTx' files. The flaw was disclosed by an anonymous researcher known as 'Nightmare Eclipse.' Microsoft has released mitigation strategies, including removing the autofstx.exe entry from the Session Manager's BootExecute REGMULTISZ value and reestablishing BitLocker trust for WinRE. Additionally, users are advised to change BitLocker settings from "TPM-only" to "TPM+PIN" mode, requiring a pre-boot PIN for drive decryption, and to enable "Require additional authentication at startup" for unencrypted devices.

AppWizard

May 15, 2026

Android 16 Bug Allows Apps to Ignore VPNs and Leak IP Addresses

Android 16 may have a vulnerability that allows applications to bypass VPN protections, potentially exposing users' IP addresses. A security engineer reported this issue through Google’s Vulnerability Reward Program, but Google's security team deemed it "infeasible" to address. The vulnerability lies within the ConnectivityManager system service, which circumvents the VPN tunnel, leading to unencrypted traffic and exposure of sensitive information. This issue persists even with "Always-on VPN" or "Block connections without VPN" features enabled. Although there is no confirmed exploitation of this vulnerability, it poses ongoing risks for users. GrapheneOS has patched the issue, indicating a fix is possible. A debug command has been identified as a temporary workaround for affected users, but it requires caution and understanding of USB debugging mode.

TrendTechie

May 13, 2026

Subnautica 2 утекла на торренты до релиза

Subnautica 2 was leaked on May 12, 48 hours before its early access launch on May 14, potentially originating from a reviewer with early access. This incident is similar to previous leaks of other major titles, but no statements have been made by the developers regarding the source of the leaks.

AppWizard

May 13, 2026

Playground Games confirms Forza Horizon 6 hack came from the inside

A 155 GB unencrypted build of Forza Horizon 6 has leaked online ahead of its release, confirmed by Playground Games to have originated from a reviewer, influencer, or industry insider, not a Steam employee or technical glitch. The leak includes thousands of assets, granting unauthorized early access to the game's content. This incident raises concerns about the handling of unreleased game builds and could impact future release plans and the game's success. Playground Games may be able to identify the source of the leak through attached identifiers in the early access copies sent for review.