user permissions Archives

Winsage

April 16, 2026

CISA flags Windows Task Host vulnerability as exploited in attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a vulnerability in the Windows Task Host, identified as CVE-2025-60710, which poses a risk of privilege escalation, potentially allowing attackers to gain SYSTEM privileges. This flaw affects devices running Windows 11 and Windows Server 2025 and arises from a weakness in link following. Microsoft released a patch for this issue in November 2025. CISA has added CVE-2025-60710 to its list of actively exploited vulnerabilities and mandated that Federal Civilian Executive Branch agencies secure their systems within two weeks. CISA encourages all organizations, including those in the private sector, to implement necessary patches and improve network security. CISA also advised organizations to follow vendor instructions for mitigations or discontinue use of the affected product if mitigations are unavailable.

AppWizard

April 14, 2026

Best Android Fax Apps (2026): What Actually Matters for Real-World Use

The Municorn Fax App is designed for users who send a high volume of faxes, offering no per-page pricing or limitations. iFax is tailored for structured workflows in industries like healthcare, featuring strong encryption and cloud storage integrations. Fax.Plus is aimed at teams with user permissions and workflow management, while eFax is a familiar option that provides basic fax functions but may feel outdated. The FAX App focuses on simplicity for quick sending but may not meet the needs of regular users. Overall, the effectiveness of fax apps is influenced by their pricing models, simplicity, and ability to integrate into daily workflows, particularly in sectors where reliability is crucial.

AppWizard

March 12, 2026

Fake Red Alert app used in Android spyware smishing

Acronis' Threat Research Unit has discovered a targeted campaign against Android users involving a counterfeit version of Israel's Red Alert rocket warning app that distributes spyware. The malicious software is spread through SMS messages that appear to be official communications from the Home Front Command, prompting users to download an "update." The fraudulent app mimics the legitimate safety tool, maintaining its rocket alert functionality to avoid detection. Once installed, the spyware collects sensitive data such as SMS messages, contacts, location information, device accounts, and a list of installed applications. This tactic, termed "smishing," combines SMS and phishing techniques. The malware uses sophisticated methods like certificate spoofing and runtime manipulation to bypass Android's signature checks, and it consists of a loader and a secondary component that executes the real alert application while the spyware operates in the background. The spyware monitors user permissions and can harvest SMS messages, contacts, and location data, adjusting its behavior based on the user's geographical position. It sends collected data to a remote command-and-control server, with the exfiltration endpoint identified as ra-backup[.]com. Acronis suggests this campaign may be linked to the group Arid Viper (APT-C-23), known for targeting Israeli interests with trojanized Android applications. Researchers recommend users only download apps from official sources, avoid sideloading packages from SMS links, and review app permissions carefully. They advise checking for the package name com.red.alertx on devices and performing a factory reset if found, along with changing credentials for any accessed accounts.

Winsage

March 3, 2026

PoC Exploit Released for Windows Error Reporting ALPC Privilege Escalation

A critical local privilege escalation vulnerability, tracked as CVE-2026-20817, affects Microsoft Windows through the Windows Error Reporting (WER) service. This flaw allows authenticated users with low-level privileges to execute arbitrary code with full SYSTEM privileges. The vulnerability resides in the SvcElevatedLaunch method (0x0D) and fails to validate user permissions, enabling attackers to launch WerFault.exe with malicious command-line parameters from a shared memory block. The exploit affects all versions of Windows 10 and Windows 11 prior to January 2026, as well as Windows Server 2019 and 2022. Microsoft addressed this vulnerability in the January 2026 Security Update. Organizations are advised to apply security patches and monitor for unusual WerFault.exe processes.

AppWizard

February 13, 2026

Android’s Advanced Protection Mode now targets your favorite customization, automation apps

Google is refining its Advanced Protection Mode to enhance security for high-risk individuals by implementing new restrictions on the AccessibilityService API. This API, while beneficial for users with disabilities, has been misused by various applications, leading to security vulnerabilities. Google now requires applications that assist users with disabilities to declare their status as Accessibility Tools by including the isAccessibilityTool attribute in their metadata. Recent updates in the Android Canary 2602 release allow Advanced Protection Mode to disable access to the Accessibility Service API for apps that do not qualify as Accessibility Tools, revoking any previously granted permissions. When enabled, Advanced Protection Mode restricts apps like dynamicSpot, which rely on the Accessibility Service API, while allowing classified Accessibility Tools to function normally. This change aims to improve security by treating non-Accessibility Tools as incompatible with a secure environment.

Winsage

February 11, 2026

Microsoft dials up the nagging in Windows, calls it security

Microsoft is introducing new security features for its Windows operating system, including "Windows Baseline Security Mode" and "User Transparency and Consent." The Baseline Security Mode will enforce runtime integrity safeguards by default, allowing only properly signed applications, services, and drivers to operate, with options for users to override these safeguards for legacy applications. The User Transparency and Consent feature will require explicit user consent for applications accessing sensitive resources, moving away from the current User Account Control prompts. Microsoft aims to enhance user security and privacy while providing clear and actionable notifications. CrowdStrike's Chief Technology Innovation Officer expressed support for this initiative, emphasizing the importance of user consent settings for security software effectiveness. Microsoft has a history of security initiatives, including the Secure Future Initiative, and plans to hold applications and AI tools to higher transparency standards. The rollout of these updates will occur in phases, although no specific timeline has been provided.

AppWizard

January 29, 2026

I turned my phone into a Linux desktop with this free app

Smartphones can function as desktop replacements, exemplified by the Steam Deck and the introduction of Local Desktop, which allows users to install a full Arch Linux environment on Android devices. Users can run applications like VS Code and Firefox by connecting a keyboard, with installation taking about ten minutes and not requiring root access. However, the installation process may require multiple attempts for stability due to various errors. Once set up, users can enhance their experience with the yay package manager, although some applications may not perform optimally. Local Desktop operates by installing an Arch Linux ARM64 filesystem within the app's internal storage and using proot to create a chroot-like environment. The display mechanism employs a minimal Wayland compositor for improved responsiveness. While it offers a portable Linux environment, performance can vary, and it is not suited for heavy workloads. The experience may appeal to tech enthusiasts willing to navigate its challenges.

Winsage

December 2, 2025

Microsoft Warns About New Experimental Feature in Windows – Jordan News | Latest News from Jordan, MENA

Microsoft has alerted Windows 11 users about a new experimental AI feature called the “Proxy Server,” introduced in build 26220.7262, which can be manually activated in the “AI Components” section. Users receive a cautionary message regarding the feature's experimental nature and potential impacts on device performance, including inaccuracies and unexpected behavior. The underlying language model is still in development, leading to risks of inaccuracies due to incomplete training data. Experts have raised concerns about vulnerabilities to cyber threats, with reports of cybercriminals exploring ways to exploit the AI features. The “Proxy Server” has default read and write permissions to critical user directories, raising security concerns. Microsoft plans to enhance security measures with more granular permission controls and advises that the feature should only be enabled by users aware of the associated risks.

Winsage

November 18, 2025

Microsoft’s vision of “AI-native” Windows is becoming real, update introduces agents that pilfer through your files — Latest Windows 11 Insider build includes experimental AI agents toggle that can perform tasks for you in the background

A senior Microsoft executive announced the evolution of Windows into an agentic operating system with AI features, which has been met with skepticism on social media. The Windows Insider Blog introduced AI agents in Windows 11 Insider Build 26220.7262, featuring an "Experimental agentic features" toggle that allows the creation of an "Agent Workspace," an isolated desktop environment. Currently, Agent Workspaces are non-functional and serve only as a toggle option. The AI agents are designed to handle routine tasks locally on users' machines, inspired by applications like ChatGPT and Copilot Actions. The Agent Workspace operates separately from standard directories, ensuring actions are logged for security. AI agents are disabled by default, requiring administrator privileges to enable, and can be granted read/write access to specific folders based on user permissions. The introduction of Agent Workspaces creates a new user account for the AI agent, maintaining administrative control and distinct permissions. However, the functionality is limited, leading to user frustration over unaddressed issues in the operating system.

AppWizard

November 13, 2025

Google’s new AI shopping features arrive just in time for a hassle-free holiday season

Google has launched Gemini tools to enhance holiday shopping with AI assistance, enabling real-time inventory checks and agentic checkout. Users can engage with AI to receive tailored product results, including images, pricing, reviews, and inventory status. The AI can locate products in stock at nearby stores and contact retailers on behalf of users. Additionally, the agentic checkout feature allows users to track specific items and receive notifications for price drops, facilitating purchases directly through Google Pay. These features are currently available in the U.S. as of November 13, with plans for future expansion.