Two high-severity vulnerabilities discovered in libpng—the widely used reference library for reading and writing PNG images—create a sweeping risk for any software that parses images. The flaws can trigger process crashes, leak sensitive heap contents, and, on some platforms, enable arbitrary code execution. Because image handling is baked into web applications, server-side processing pipelines, mobile and embedded systems, and desktop
Author: Saugata Datta
I’m an IT/DevOps professional with many years of hands-on experience across Windows, Linux, Automation, Backup and Cloud. I love building real-world automations to make infrastructure reliable, secure, and self-healing. Through this blog, I share practical learnings from enterprise projects and my home-lab experiments on Cloudflare, Self-Hosting and everything in between. Always tinkering, always improving.
Supply-chain alert: axios NPM package poisoned to deliver WAVESHAPER.V2 backdoor
A high-risk software supply chain attack has poisoned widely used axios npm releases, turning routine installs into a cross-platform compromise. Developers, CI/CD systems, and production pipelines that pulled the tainted axios versions (1.14.1 and 0.30.4) risked silently receiving a multi-stage backdoor that targeted Windows, macOS, and Linux hosts. Because axios sits deep in many dependency trees, a single malicious release
Google Drive turns on AI ransomware detection by default for paying users
Google has moved its AI-powered ransomware detection for Drive out of beta and enabled it by default for paid customers, shifting cloud storage from a passive backup to an active containment point. First trialed in late 2025, the feature now scans files as they sync from desktop endpoints and pauses syncing when ransomware-like encryption is detected, alerting both users and
Microsoft issues emergency Windows 11 update KB5086672 to fix broken March preview (KB5079391)
Microsoft has released an out-of-band (OOB) emergency update—KB5086672—to address installation problems introduced by the March 2026 non-security preview update (KB5079391). The optional cumulative preview, which shipped for Windows 11 versions 24H2 and 25H2, was pulled after users began reporting installation failures with the error code 0x80073712. KB5086672 was published on March 31, 2026 as a replacement that both restores the
Hackers Weaponize Legitimate Windows Tools to Kill Antivirus — What Defenders Must Do Now
Ransomware gangs have evolved from noisy mass campaigns into precise, surgical operators. A growing and dangerous trend is the abuse of legitimate Windows utilities — tools built to help administrators troubleshoot and repair systems — as the first step in modern ransomware operations. By repurposing utilities such as Process Hacker, IOBit Unlocker, PowerRun, AuKill and TDSSKiller, attackers can silently neutralize
Google Lets You Change Your @gmail.com Address — Here’s How to Do It Safely
For more than twenty years, the email address you chose when creating a Google Account was effectively permanent. That meant awkward childhood handles, name changes after marriage, or simply wanting a cleaner, more professional address often required creating a brand-new Google Account and manually migrating data. Google has quietly changed that rule: users with @gmail.com addresses can now replace their