user accounts Archives

AppWizard

November 21, 2025

SMB/Samba Server Pro For Android

SMB/Samba Server Pro is a mobile application that allows users to establish a secure SMBv3 server on their devices. Key features include fully customizable server settings, support for SD cards and attached USB (OTG), multiple user accounts with anonymous access, multiple shares (mount points), read/write share options, the ability to toggle visibility of hidden files, and root support. The app is priced at USD 0.99 and has a content rating suitable for everyone. It is compatible with various Android versions but currently holds a rating of 3.3 stars based on over 1,000 reviews. The application was developed by AL-SULTAN (Mohamed Gamal Al-Quaiti), but does not provide support contact details.

Winsage

November 21, 2025

Singin’ the Agentic Windows blues

Microsoft is evolving its Windows operating system into an agentic OS, which will connect devices, cloud, and AI to improve productivity and security. This includes the introduction of Microsoft’s Agent Workspace and Copilot Actions in Windows 11, allowing users to operate AI agents within secure workspaces. These agents will have distinct user accounts, known as Agent IDs, separate from the primary user account for enhanced security. To function effectively, these AI agents will need access to the primary user’s account permissions through the Windows On-Device Registry (ODR), enabling them to manage files, automate tasks, modify settings, and interact with system tools.

Winsage

November 19, 2025

New Windows 11 AI agents can work in the background but create new security risks

Microsoft has introduced "experimental agentic features" in the latest Windows 11 build for Windows Insider Program testers, which includes a feature called Copilot Actions. These agentic features are designed to autonomously perform tasks such as organizing files, scheduling meetings, and sending emails, acting as an "active digital collaborator" to enhance user productivity. The features are currently optional, off by default, and available only in early test builds. To address potential risks, Microsoft has implemented a strategy where AI agents operate under separate user accounts, ensuring they cannot make significant system changes without user approval. Agents maintain activity logs for accountability, and users can supervise their operations.

Winsage

November 18, 2025

Microsoft just revealed how Windows 11 is evolving into an agentic OS — finally the explanation we’ve all been waiting for

Microsoft has introduced a new support document detailing the transformation of Windows 11 into an agentic operating system, emphasizing AI-native capabilities that allow the PC to autonomously manage tasks. A new experimental feature, agent workspace, will soon be available in a private developer preview for Windows Insiders. This feature enables AI to run applications in parallel with the user, designed to be lightweight and secure, with scalable memory and CPU usage. Microsoft has identified three core security pillars for agentic OS experiences: non-repudiation, confidentiality, and authorization. Additionally, essential security principles for AI agents include autonomy, activity logging, user supervision, least privilege, and defined data processing purposes. Microsoft plans to integrate these capabilities into Windows 11, with applications like Copilot Actions being among the first to utilize them, and third-party developers will also be able to create their own AI agents using the provided framework.

Winsage

November 4, 2025

Russian Hackers Abuse Hyper-V to Hide Malware and Evade Endpoint Detection

A Russian-linked hacking group, Curly COMrades, is using Microsoft’s Hyper-V to conceal malware within compromised Windows systems. They install a small Alpine Linux virtual machine (VM) to run custom malware, evading endpoint detection and response (EDR) software since July. The group exploits Hyper-V's native features, enabling it on victim systems while disabling management clients to avoid detection. The VM, named “WSL,” hosts two C++ tools: ‘CurlyShell,’ a reverse shell, and ‘CurlCat,’ a reverse proxy, both designed to maintain persistence and obfuscate their activities. The VM occupies only 120MB of disk space and uses Hyper-V’s Default Switch for network traffic, making malicious communication appear to originate from the legitimate host. Additionally, Curly COMrades employs malicious PowerShell scripts for persistence and lateral movement, including creating local user accounts and using a modified TicketInjector for authentication across networks.

Winsage

November 3, 2025

Microsoft Sounds Windows 11 And Server Update Failure Alarm

Microsoft has confirmed that users of Windows 11 and Windows Server are experiencing authentication failures due to updates released on or after August 29. This issue, detailed in Microsoft Support posting KB5070568, is linked to duplicate Security IDs (SIDs) on devices, affecting Windows 11 versions 24H2 and 25H2, as well as Windows Server 2025. The problem arises from new security protections that enforce checks on SIDs, which are necessary to maintain user account integrity and prevent unauthorized access. Duplicate SIDs typically result from unsupported cloning or duplication of a Windows installation without using the Sysprep tool. The recent update mandates SID uniqueness, blocking authentication handshakes between devices with duplicate SIDs. To resolve this, users must rebuild their devices using supported methods for cloning or duplicating a Windows installation to ensure unique SIDs.

Winsage

October 29, 2025

How I unlocked God Mode in Windows 11 – and the wonders I can do with it

God Mode in Windows 11 is a feature that allows users to create a special folder for centralized access to a wide range of settings, including Backup and Restore, Color Management, Devices and Printers, Ease of Access, File History, Mouse configurations, Power Options, Programs and Features, Security and Maintenance, Speech Recognition, Troubleshooting, and User Accounts. To set up God Mode, users need to right-click on the desktop, select New, then Folder, and enter the string "explorer shell:::{ED7BA470-8E54-465E-825C-99712043E01C}" in the location field before clicking Next.

Winsage

October 28, 2025

Google probes exploitation of critical Windows service CVE

The Google Threat Intelligence Group (GTIG) is investigating cyberattacks linked to a hacker exploiting a vulnerability in the Windows Server Update Service (WSUS), specifically CVE-2025-59287. The threat actor, UNC6512, has targeted multiple organizations, gaining access to systems, conducting reconnaissance, and exfiltrating data. Despite a Microsoft patch released earlier, it has been ineffective. Researchers from HawkTrace and Eye Security have identified suspicious activities related to the vulnerability, with Eye Security noting at least two adversaries exploiting it. Palo Alto Networks Unit 42 confirmed the use of malicious PowerShell commands for exploitation. Shadowserver reported around 2,800 instances exposed to this flaw. The Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog and is urging users to implement the patch. CISA has found no evidence of federal agency impacts but encourages reporting of suspicious activities.

Winsage

October 28, 2025

Microsoft WSUS Remote Code Execution (CVE-2025-59287) Actively Exploited in the Wild

On October 14, 2025, a critical remote code execution (RCE) vulnerability, CVE-2025-59287, was discovered in Microsoft's Windows Server Update Services (WSUS). The vulnerability allows remote, unauthenticated attackers to execute arbitrary code with system privileges on affected servers. It was initially addressed on October 14, but the patch was insufficient, leading to an urgent out-of-band update on October 23. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities Catalog on October 24, indicating its immediate threat. The vulnerability affects Microsoft Windows Server 2012, 2012 R2, 2016, 2019, 2022, and 2025, specifically on servers with the WSUS role enabled. Attackers are exploiting the vulnerability by targeting publicly exposed WSUS instances on TCP ports 8530 (HTTP) and 8531 (HTTPS). Approximately 5,500 WSUS instances have been identified as exposed to the internet. Microsoft recommends disabling the WSUS Server Role or blocking inbound traffic to the high-risk ports as temporary workarounds for organizations unable to apply the emergency patches immediately.

Tech Optimizer

October 24, 2025

OAuth 2.0 authorization in PostgreSQL using Keycloak as an example

The Tantor Postgres 17.5.0 DBMS introduces OAuth 2.0 Device Authorization Flow for secure access to PostgreSQL via external identification providers like Keycloak. This feature will also be available in PostgreSQL 18. The setup involves configuring Keycloak, preparing PostgreSQL, writing an OAuth token validator, and verifying authorization through psql. Keycloak is an open-source access control system that simplifies user management and provides a single sign-on experience. To launch Keycloak, a Docker image is used, and an admin user is created with the username and password set to "admin." The process includes creating a realm named "postgres-realm," adding users (e.g., a user named "alice"), establishing client scopes, and creating a client named "postgres-client" with OAuth 2.0 Device Authorization Grant enabled. PostgreSQL requires specific configurations for OAuth operations, including creating a user, adjusting parameters in the postgresql.conf file, and setting up user mapping in pg_ident.conf and pg_hba.conf files. A role named "alice" is created with login rights. The postgresql.conf file specifies the OAuth validator library, and user mapping can be done via pg_ident.conf or a custom validator. The pg_hba.conf file is configured to allow client login to the database using OAuth, specifying the issuer parameter pointing to the Keycloak discovery service URL. A custom validator is implemented to handle token validation, ensuring that the required scopes are present in the received token. The validator includes functions for startup, shutdown, and token validation, which processes the token content and checks permissions against the HBA configuration.