News

Windows 11's latest version (25H2) introduced Administrator Protection to replace the older User Account Control (UAC) system. This new feature aims to provide stronger security by limiting administrator access only when needed. However, security researchers discovered nine separate vulnerabilities in the feature that could allow attackers to silently gain full administrator privileges. All reported issues were fixed by Microsoft before official release through security update KB5067036 and subsequent bulletins. UAC, introduced in Windows Vista, also faced similar security limitations as it didn't create a hard security boundary. Administrator Protection addresses these weaknesses with improved design. Note: Microsoft disabled the feature on December 1, 2025, due to application compatibility issues. Source: Security research blog.

India is implementing a comprehensive approach to combat deepfakes and financial cybercrime. The multi-layered response involves coordination between government agencies, regulatory bodies, and law enforcement to address the growing threat of synthetic media fraud and digital financial crimes. Authorities are focusing on detection mechanisms, public awareness, and legal frameworks to protect citizens from deepfake-based scams and financial exploitation. The strategy emphasizes both preventive measures and swift response protocols to mitigate risks in the digital economy. Source: Observer Research Foundation.

Security researchers have identified critical vulnerabilities in Android devices, particularly the Pixel 9, exploitable through 0-click attack chains that require no user interaction. The analysis reveals that audio decoding processes in Google Messages and text-to-speech features create unnecessary attack surfaces by supporting rarely-used codecs like Dolby UDC. These decoders are typically not used for regular messaging but remain active, increasing vulnerability risks. Experts recommend removing uncommonly-used decoders from automatic processing to reduce exposure. The report also warns that AI-powered mobile features, while beneficial, may inadvertently expand 0-click attack surfaces without proper security review. Vendors must carefully evaluate how new features impact device security before deployment to protect users from sophisticated exploitation techniques.