vulnerabilities

AppWizard
May 25, 2026
Concerns about the Russian messaging application Max have grown due to vulnerabilities and surveillance features identified by IT specialists. An analysis revealed that Max can disable encryption on conversations with a single command and includes a forced-update feature that restricts user communication until the app is updated. Max collects extensive user data, including a list of installed applications and checks for VPNs, and has the ability to disable TLS session validation. Additionally, a version of Max included a neural network for speech recognition, although these features were later removed. Despite these concerns, VK, the parent company of Max, reported rapid user growth, surpassing 120 million users as of early May, with a daily reach of 68 million users. Many users are switching from Telegram to Max due to accessibility issues with Telegram and pressure from authorities. Major mobile carriers in Russia have collaborated with VK to send authentication messages through Max, further embedding the app in users' daily lives. However, Max has faced challenges in becoming a primary source for news and entertainment, hosting around 300,000 public channels compared to Telegram's 1.6 million, which has hindered advertising growth and led to an increase in scams.
Winsage
May 25, 2026
Microsoft has ended official updates and security patches for Windows 10, raising security concerns for users. Tiny11, an unofficial and streamlined version of Windows 11, serves as an alternative for those unable to upgrade due to hardware limitations. Tiny11 reduces bloat by removing preinstalled applications but lacks regular updates and robust security protections. A valid Windows 11 license key is required to use Tiny11. Users can obtain a Tiny11 ISO by downloading it from the Internet Archive or creating their own using a script from the Tiny11 GitHub page alongside an official Windows 11 ISO. To create a bootable USB drive for installation, users need at least an 8 GB USB drive and a program like Rufus.
Tech Optimizer
May 25, 2026
Avast One is an antivirus solution that offers protection against various digital threats, including AI-generated scams and deepfakes. It features an AI assistant that analyzes texts, links, and images for suspicious content. The starting price is .99 per year, and it supports Windows, macOS, Android, and iOS, with device support ranging from 1-10 for consumers and 1-999 for businesses. Key features include malware protection, ransomware protection, identity theft protection (Ultimate only), webcam protection, a VPN (Ultimate only), a password manager, cloud backup (Business only), a firewall, and a secure browser. The free version provides basic virus and malware protection, while the Premium Security plan starts at .99 for the first year and the Ultimate plan starts at .99. Performance tests show minimal impact on gaming experiences, and the software offers various scanning options. The interface is user-friendly, though some features require higher-tier plans. Avast provides 24/7 support through email, chat, and telephone, but the chat system requires preliminary questions to be answered.
Winsage
May 23, 2026
Microsoft is changing its approach to Windows updates by allowing users to pause updates for one week and is developing a new feature called “Pick a date” that will enable users to pause updates for up to 35 days. Users will have the option to extend the pause period through a calendar feature. This shift comes in response to user frustrations and the increasing number of updates, which may indicate a need for better user control over update timing. However, experts advise against indefinite postponement of updates due to security risks.
Winsage
May 23, 2026
Microsoft has identified two significant vulnerabilities in Windows Defender, specifically related to the Malware Protection Engine, which could allow denial-of-service attacks. These vulnerabilities could destabilize the security mechanism of Windows. Microsoft has released patches in versions 1.1.26040.8 and 4.18.26040.7 of the Malware Protection Engine to address these issues. Users with automatic updates enabled will receive these patches without further action, but it is recommended that users manually check for updates in the Windows Security settings. There is currently no evidence that these vulnerabilities have been exploited in real-world scenarios.
Winsage
May 23, 2026
BitLocker, a security feature for data protection, has a vulnerability identified as CVE-2026-45585, also known as YellowKey, which allows unauthorized access to encrypted data on Windows 11 versions 24H2, 25H2, 26H1, and Windows Server 2025. This flaw does not compromise BitLocker’s encryption but affects the recovery environment supporting it. The vulnerability can be exploited locally through the Windows Recovery Environment (WinRE) by an attacker with physical access, who can trigger an unrestricted shell and access the BitLocker-protected volume. Microsoft has provided two mitigation strategies: modifying the WinRE image to remove the autofstx.exe entry and transitioning from TPM-only protection to a TPM+PIN requirement at startup. The exploit poses challenges for detection, as it occurs pre-boot and currently lacks vendor-published indicators of compromise. Organizations using BitLocker for unattended devices are particularly at risk, as the vulnerability can lead to loss of confidentiality if an attacker gains access before the legitimate user.
Tech Optimizer
May 23, 2026
Drupal has issued critical security updates for a vulnerability in Drupal Core, identified as CVE-2026-9082, which affects sites using PostgreSQL databases. This flaw allows anonymous attackers to exploit the system through arbitrary SQL injection, posing risks such as sensitive information disclosure, privilege escalation, and remote code execution. The vulnerability is rated 20 out of 25 by Drupal and 6.5 out of 10 by CVE.org. It specifically impacts the database abstraction API, which fails to properly sanitize queries. The fixed versions include 11.3.10, 11.2.12, 11.1.10, 10.6.9, 10.5.10, and 10.4.10, with best-effort patches available for unsupported versions 9.5 and 8.9. Organizations are advised to inventory their Drupal installations, verify PostgreSQL usage, and prioritize patching for public-facing sites.