user permissions

Winsage
March 3, 2026
A critical local privilege escalation vulnerability, tracked as CVE-2026-20817, affects Microsoft Windows through the Windows Error Reporting (WER) service. This flaw allows authenticated users with low-level privileges to execute arbitrary code with full SYSTEM privileges. The vulnerability resides in the SvcElevatedLaunch method (0x0D), which fails to validate user permissions, enabling attackers to launch WerFault.exe with malicious command-line parameters from a shared memory block. The vulnerability affects all versions of Windows 10 and Windows 11 prior to January 2026, as well as Windows Server 2019 and 2022. Microsoft addressed this vulnerability in the January 2026 Security Update. Organizations are advised to apply security patches and monitor for unusual WerFault.exe processes.
AppWizard
January 29, 2026
Smartphones can function as desktop replacements, exemplified by the Steam Deck and the introduction of Local Desktop, which allows users to install a full Arch Linux environment on Android devices. Users can run applications like VS Code and Firefox by connecting a keyboard, with installation taking about ten minutes and not requiring root access. However, the installation process may require multiple attempts for stability due to various errors. Once set up, users can enhance their experience with the yay package manager, although some applications may not perform optimally. Local Desktop operates by installing an Arch Linux ARM64 filesystem within the app's internal storage and using proot to create a chroot-like environment. The display mechanism employs a minimal Wayland compositor for improved responsiveness. While it offers a portable Linux environment, performance can vary, and it is not suited for heavy workloads. The experience may appeal to tech enthusiasts willing to navigate its challenges.
Winsage
December 2, 2025
Microsoft has alerted Windows 11 users about a new experimental AI feature called the “Proxy Server,” introduced in build 26220.7262, which can be manually activated in the “AI Components” section. Users receive a cautionary message regarding the feature's experimental nature and potential impacts on device performance, including inaccuracies and unexpected behavior. The underlying language model is still in development, leading to risks of inaccuracies due to incomplete training data. Experts have raised concerns about vulnerabilities to cyber threats, with reports of cybercriminals exploring ways to exploit the AI features. The “Proxy Server” has default read and write permissions to critical user directories, raising security concerns. Microsoft plans to enhance security measures with more granular permission controls and advises that the feature should only be enabled by users aware of the associated risks.
AppWizard
November 13, 2025
Google has launched Gemini tools to enhance holiday shopping with AI assistance, enabling real-time inventory checks and agentic checkout. Users can engage with AI to receive tailored product results, including images, pricing, reviews, and inventory status. The AI can locate products in stock at nearby stores and contact retailers on behalf of users. Additionally, the agentic checkout feature allows users to track specific items and receive notifications for price drops, facilitating purchases directly through Google Pay. These features are currently available in the U.S. as of November 13, with plans for future expansion.
Tech Optimizer
November 7, 2025
A banking trojan named Herodotus targets Android users globally, operating as Malware-as-a-Service and disguising itself as a legitimate app to lure users into downloading an APK from unofficial sources. Once installed, it gains critical system permissions to perform banking operations on behalf of the user. The malware is primarily distributed through SMS phishing campaigns that lead victims to fraudulent download pages. Herodotus employs overlay attacks to steal credentials and hijack sessions, posing a significant threat to financial security. It uses advanced evasion tactics, including random delays and realistic typing patterns, to avoid detection by traditional antivirus solutions. The trojan captures screen content and keystrokes, allowing real-time monitoring of user activity. Detection is complicated as Herodotus circumvents defenses by installing from unknown sources and executing harmful actions only after obtaining user permissions. Effective defense requires recognizing multiple indicators of compromise, such as suspicious SMS links and behavioral anomalies, which traditional antivirus protection often overlooks.
AppWizard
September 2, 2025
Android droppers, originally designed to deploy banking Trojans, are now being repurposed to deliver simpler payloads like SMS stealers and spyware. There has been a notable increase in dropper campaigns, especially in Asia, shifting focus from financial malware to broader data exfiltration and surveillance. These droppers often masquerade as legitimate applications, gaining user permissions to install secondary malware that can read SMS messages, which is critical for hijacking two-factor authentication. Google is enhancing Android security with mandatory developer verifications by 2026, but droppers like SecuriDropper can evade detection through dropper-as-a-service models. Campaigns such as LunaSpy exploit messaging apps to deliver spyware disguised as antivirus software, increasing infection rates. Over 200 banking and cryptocurrency applications are potentially at risk due to these threats. To mitigate these risks, enterprises are encouraged to implement multi-layered defenses and proactive monitoring of app behaviors. The adaptive nature of droppers poses ongoing challenges for mobile security.
Winsage
August 29, 2025
Many users are seeking alternatives to Microsoft due to the upselling of Office 365 and the prevalence of AI features in Windows, with Linux emerging as a popular option. Bazzite is a user-friendly Linux distribution designed for gamers, offering a choice between a KDE variant with a Windows-like interface and a GNOME variant similar to macOS. It aims to replicate the SteamOS experience and has shown commendable performance for gaming, allowing many titles from the Steam library to run smoothly, including System Shock 2 remaster, Pillars of Eternity, The Witcher 3, Hunt: Showdown, Baldur's Gate 3, and Stonks-9800. However, online multiplayer games with strict anti-cheat systems, like Fortnite and Valorant, may not perform well on Linux. HDR support can be inconsistent, but Linux generally manages multi-monitor setups better than Windows.