user authentication Archives

Winsage

March 19, 2026

AI Fatigue: Microsoft Pulls Back on Putting Microsoft Copilot Everywhere in Windows 11

Microsoft has decided to abandon plans to integrate Copilot more deeply into Windows 11 following user complaints. Features that would have introduced AI-driven notifications and enhancements are no longer being pursued. The company acknowledged user pain points and is shifting focus towards core stability fixes scheduled for 2026. Additionally, the launch of Windows Recall in 2024 faced privacy issues, leading to a revised version that includes data encryption and user authentication. Microsoft has also allowed administrators on Pro and Enterprise systems to uninstall the Copilot app under certain conditions, reflecting a response to user feedback and past update failures.

Winsage

March 5, 2026

Bitwarden now lets users log into Windows 11 using passkeys

Bitwarden has introduced a feature that allows Windows 11 users to log in using passkeys stored in their vaults, enhancing security by enabling phishing-resistant authentication at the operating system's login screen. Users can authenticate by scanning a QR code displayed on the Windows screen with the Bitwarden app on their mobile device, which verifies access to the stored passkey. This feature requires the Windows device to be joined to Microsoft Entra ID and for the organization to enable FIDO2 security key sign-in. Users must also register a passkey for their Entra ID profile stored in Bitwarden. The integration aims to improve security against cyber attacks targeting operating system authentication. Microsoft plans to roll out this passkey-based Windows login feature in March, depending on the organization's Microsoft Entra ID configuration, and it will be available across all Bitwarden plans, including the free tier.

AppWizard

December 11, 2025

Android 17 will boost Xiaomi’s app lock security to a new level

Android 17 introduces a system app locking feature, enhancing mobile security with a new permission structure called LOCK_APPS, allowing only system apps and designated launchers to execute this functionality. This feature utilizes the Biometric Prompt API for user authentication via fingerprint, facial recognition, or PIN. Users can lock or unlock apps by long-pressing the app icon on the launcher, which sends a SETAPPLOCK request to Android's core security service. The app lock will only be available on handheld devices, excluding Android Automotive, Wear OS, and Android TV. The feature is expected to debut later in the rollout of Android 17, benefiting Xiaomi devices and HyperOS.

AppWizard

November 27, 2025

Epic Games Store Down Right Now? Why The PC Launcher Is Having Issues

The Epic Games Store is experiencing significant disruptions, with many PC players unable to log in, access their game libraries, or launch titles due to issues with Epic Online Services (EOS) login systems. An active incident titled “EOS Login Issues” has been logged for November 26, 2025, affecting not only the Epic Games Store but also popular games like Fortnite, Rocket League, and Fall Guys. Epic has acknowledged the problems and is investigating, but no timeline for resolution has been provided. Reports indicate that thousands of players are facing launcher errors and login loops. The root cause appears to be a malfunction within EOS, which is responsible for user authentication. Players are advised to check Epic’s status page and avoid local troubleshooting measures. The outage disrupts free game claims, store sales, and access to online titles, but players should not lose their games or purchases as they are linked to their Epic accounts.

Tech Optimizer

October 29, 2025

Oracle Database 23ai Adds Native Boolean Support, Aligning with PostgreSQL

Oracle has introduced a native Boolean data type in its Oracle Database 23ai, aligning more closely with features in competitors like PostgreSQL. Previously, Oracle developers used numeric values or varchar types to represent true/false logic. The new Boolean type aims to streamline application code and improve compatibility with modern programming languages. This feature comes decades after PostgreSQL integrated native Boolean support, which allows values of true, false, or null and enhances query reliability. PostgreSQL's early adoption of this feature provides it with a competitive edge in scenarios requiring precise conditional logic. Oracle's new Boolean type is intended to facilitate smoother migrations and improve interoperability, addressing challenges faced by users transitioning from PostgreSQL. However, Oracle's implementation is still developing, and users may encounter version-specific behaviors. Tools like HexaRocket from HexaCluster can assist in mapping Boolean types for seamless migrations. Despite the advancements, Oracle users may face backward compatibility issues with legacy applications. The introduction of the native Boolean type reflects broader trends in database innovation and the competitive dynamics between Oracle and open-source alternatives like PostgreSQL.

AppWizard

September 18, 2025

Google, Gmail, and Meet hit by widespread outage, causing login issues

Google experienced a significant outage this morning, affecting services such as Google Meet, Gmail, and Drive, starting around 11 am ET. Over 6,000 users reported login issues on DownDetector, encountering '502' error messages. The outage also impacted third-party websites using Google credentials for authentication. Google acknowledged the problem and confirmed that their engineering team was working on a solution. By 8:30 am PDT (11:30 am ET), they identified the cause and restored functionality. Additionally, Google Maps faced loading issues, displaying only outlines without names, but this was also resolved.

TrendTechie

August 18, 2025

Медиа-сервер на основе Telegram-бота / Питонист пробует Go

The project involved creating a Telegram bot to streamline the process of downloading and viewing movies in a home theater setup. The bot integrates with DLNA technology, allowing films to be played on various devices within a home network. Key functionalities include downloading films from torrents and streaming sites, automatic re-encoding for compatibility with older televisions, download monitoring, file management, and a role-based access system. The bot supports multiple languages and can issue temporary access for guests. Initially developed in Python, the bot was later rewritten in Go for better performance and compatibility across hardware platforms. It requires at least 1 GB of RAM and a Linux operating system to function effectively. The source code is available on GitHub.

Winsage

August 11, 2025

New ‘Win-DoS’ Zero-Click Vulnerabilities Turns Windows Servers/Endpoints, Domain Controllers Into DDoS Botnet

Researchers Yair and Shahak Morag from SafeBreach Labs introduced a new category of denial-of-service (DoS) attacks called the “Win-DoS Epidemic” at DEF CON 33. They identified four new vulnerabilities in Windows DoS and one zero-click distributed denial-of-service (DDoS) flaw, classified as “uncontrolled resource consumption.” The vulnerabilities include: - CVE-2025-26673 (CVSS 7.5): High-severity DoS vulnerability in Windows LDAP. - CVE-2025-32724 (CVSS 7.5): High-severity DoS vulnerability in Windows LSASS. - CVE-2025-49716 (CVSS 7.5): High-severity DoS vulnerability in Windows Netlogon. - CVE-2025-49722 (CVSS 5.7): Medium-severity DoS vulnerability in Windows Print Spooler, requiring an authenticated attacker on an adjacent network. These vulnerabilities can incapacitate Windows endpoints or servers, including Domain Controllers (DCs), potentially allowing for the creation of a DDoS botnet. The researchers also discovered a DDoS technique called Win-DDoS that exploits a flaw in the Windows LDAP client’s referral process, enabling attackers to redirect DCs to a victim server for continuous redirection. This method can leverage public DCs globally, creating a large, untraceable DDoS botnet without specialized infrastructure. Additionally, the researchers examined the Remote Procedure Call (RPC) protocol and found three new zero-click, unauthenticated DoS vulnerabilities that can crash any Windows system. They also identified another DoS flaw exploitable by any authenticated user on the network. The researchers released tools named “Win-DoS Epidemic” to exploit these vulnerabilities, highlighting the need for organizations to reassess their security measures regarding internal systems and services like DCs.

AppWizard

July 31, 2025

Android users to finally get an extra layer of security on Chrome

Google Chrome on Android will soon require biometric verification to autofill passwords, enhancing security by preventing autofill without user authentication. This feature will be available in Google Password Manager and is expected to roll out more widely soon. Currently, Chrome has an option for biometric authentication in its Autofill settings, but this has only applied within apps. The update will extend this requirement to all apps, including Chrome, and will be labeled "Verify it's you" in the settings. Users will need to authenticate their identity through fingerprint, facial recognition, or screen lock before passwords can be autofilled. While an official release date is not yet announced, the feature has started appearing for some users, indicating a potential imminent rollout.

AppWizard

July 8, 2025

Qwizzserial Android Malware Poses as Legit Apps to Steal Banking Info and Bypass 2FA via SMS Interception

A newly identified Android malware family, Qwizzserial, has emerged as a significant threat in Uzbekistan, disguising itself as legitimate financial and government applications. It spreads primarily through Telegram, using deceptive channels to impersonate authorities and financial institutions, luring victims with offers of financial assistance. Upon installation, Qwizzserial requests permissions related to SMS and phone state, prompting users to input sensitive information such as phone numbers and bank card details, which it exfiltrates via the Telegram Bot API or HTTP POST requests. The malware intercepts incoming SMS messages, including one-time passwords (OTPs) for two-factor authentication, and can extract financial information from messages. Analysts from Group-IB have tracked around 100,000 infections linked to Qwizzserial, with confirmed financial losses exceeding ,000,000 within three months. The malware's infection pattern follows a Pareto distribution, with a small subset of samples causing the majority of infections, particularly those impersonating financial institutions. Security solutions have developed detection rules for Qwizzserial, and organizations are encouraged to implement user education and monitoring to mitigate risks. End-users are advised against installing applications from untrusted sources and to scrutinize app permissions. Indicators of Compromise (IOC) include specific C2 domains and file hashes for both example and latest samples of Qwizzserial.