vulnerabilities

AppWizard
May 4, 2026
Google is expanding its Binary Transparency initiative, originally focused on verifying Pixel firmware, to include its Android applications and Mainline updates. This initiative aims to enhance user trust by providing a publicly auditable record of all official app and Mainline updates, ensuring that only certified Google-approved releases are documented. The updated system began implementation in May, allowing users to track every officially published Google Android app and Mainline module.
Winsage
May 4, 2026
Users of the Windows operating system are expressing concern over a new security update announced by Microsoft, described as "mysterious and unclear." Experts warn that the update may not only address existing vulnerabilities but could also lead to performance issues, conflicts with device drivers, and compatibility problems with current security software. Potential consequences include system slowdowns, instability, hardware malfunctions, and vulnerabilities in security solutions. Users are advised to stay informed and prepare for necessary adjustments to their systems.
Winsage
May 3, 2026
Experts advise against postponing Windows updates, as Microsoft has introduced features allowing users to control when updates occur. Users can pause updates for up to 35 days indefinitely, but delaying updates can lead to security vulnerabilities. Microsoft releases several types of updates: security updates, feature updates, quality updates, driver updates, optional updates, out-of-band updates, and zero-day updates. Zero-day updates are critical and should be installed immediately to avoid exploitation. Recent reports indicate that critical OS patching for Windows 10 and 11 is lagging by an average of 256 days, increasing the risk of cyber incidents.
Winsage
May 1, 2026
Erik Avakian, a technical counselor at Info-Tech Research Group, discussed the patching deadlines set by the Cybersecurity and Infrastructure Security Agency (CISA) under Binding Operational Directive (BOD) 22-01, which requires U.S. federal agencies to address vulnerabilities within 14 to 21 days. CISA can expedite patching to as little as three days for high-risk exploits. The vulnerability CVE-2026-32202, rated 4.3 on the Common Vulnerability Scoring System (CVSS), was actively exploited but did not qualify for an urgent patch cycle, resulting in a 14-day deadline. Avakian noted the debate over whether this timeframe is sufficient, suggesting that Microsoft’s rating and other factors influenced the decision not to escalate to an emergency directive requiring a 48 to 72-hour response.
Winsage
April 30, 2026
Attackers are exploiting CVE-2026-32202, a zero-click vulnerability in Windows Shell that causes a victim's system to authenticate to an attacker's server without user interaction. The vulnerability stems from an incomplete patch for CVE-2026-21510 and has been used by the APT28 group, with weaponized LNK files, to bypass Windows security. Although Microsoft addressed these vulnerabilities in February 2026, the risk remains: opening a folder that contains a malicious LNK file can still connect the victim's machine to the attacker's server, initiating an NTLM authentication handshake that exposes the victim’s Net-NTLMv2 hash. This affects various versions of Windows 10, 11, and Windows Server. Microsoft released a patch for CVE-2026-32202 on April 14, 2026, but did not label it as actively exploited until more than two weeks later, leaving security teams unaware of its urgency. Organizations are advised to apply the patch and consider blocking outbound SMB traffic to mitigate risks.
Winsage
April 29, 2026
Windows 11 has introduced a new update management model that allows users to pause updates indefinitely, transforming the previous 35-day limit into a flexible option. This change addresses user frustrations regarding unexpected reboots and system instability caused by updates. Users can now choose to restart or shut down their systems without automatic updates being installed. This adjustment aligns with Microsoft's strategy to enhance user autonomy, although the company warns that neglecting updates can increase security vulnerabilities. The new features are currently available in test builds, with a wider rollout expected soon.
Winsage
April 29, 2026
Windows 10 support ended in October 2024, leaving systems vulnerable to security threats. A lifetime license for Windows 11 Pro is currently available for .97, regularly priced at 9, with the offer expiring on May 3 at 11:59 PM. Windows 11 Pro includes features such as Microsoft Copilot, TPM 2.0, BitLocker encryption, Smart App Control, biometric recognition, Snap Layouts, improved memory management, DirectX 12 Ultimate, Windows Sandbox, and Hyper-V.