abuse Archives

AppWizard

March 11, 2026

New Telegram app lets whistleblowers report fraud without sharing personal data

AlphaTON Capital Corp. and the Midnight Foundation launched the Vera Report, an anonymous reporting application for whistleblowers, on March 3, 2026. The platform uses advanced technologies such as confidential computing, zero-knowledge proofs, blockchain anchoring, and decentralized storage via IPFS. It targets a market of 1 billion monthly active users and addresses significant U.S. fraud losses estimated between 0 billion and trillion, with the DOJ recovering .8 billion in fiscal year 2025, of which .3 billion came from whistleblower cases. On the announcement day, ATON shares declined by 2.07%, with a market cap impact of approximately K. The Vera Report aims to improve privacy and accountability in government and corporate sectors by facilitating anonymous reporting while protecting whistleblower identities.

Winsage

March 6, 2026

Chinese hackers hide malware in Windows and Google Drive to hit targets

Chinese state-sponsored threat actors, specifically a group known as Silver Dragon, have been conducting espionage operations across Southeast Asia and Europe since at least mid-2024. They have targeted government entities in countries such as Russia, Poland, Hungary, Italy, Japan, Myanmar, and Malaysia. Silver Dragon is believed to be affiliated with APT41 and primarily uses phishing emails to initiate attacks, often containing weaponized documents or links. They employ a custom backdoor called GearDoor, which utilizes Google Drive for command-and-control operations, allowing them to exfiltrate stolen intelligence. The group also hijacks legitimate Windows services to load malicious code and uses tools like SSHcmd and Cobalt Strike for post-exploitation activities. Their tactics involve blending malicious activities with normal system operations, making detection difficult and increasing their dwell time within targeted networks.

AppWizard

March 6, 2026

YouTube Expands In-App Direct Messaging Test

YouTube is expanding its revamped direct messaging feature from an initial trial in Poland and Ireland to 31 European countries. This feature, available to signed-in users aged 18 and older, allows users to send direct messages and share videos within the YouTube app. The messaging remains experimental and is focused on one-on-one or small group interactions rather than creating a comprehensive social inbox. Users in the United States and other regions are not part of this trial. The age restriction and invite acceptance requirement aim to enhance safety and privacy. YouTube is implementing moderation tools, spam controls, and reporting mechanisms to ensure user protection. The effectiveness of this feature could influence future developments and potential global rollout.

Winsage

March 6, 2026

Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer

Microsoft revealed a social engineering campaign named ClickFix that exploits the Windows Terminal application to deploy Lumma Stealer malware. Detected in February 2026, this campaign instructs users to access Windows Terminal using the Windows + X → I shortcut, enhancing its perceived legitimacy. Attackers evade detection by manipulating users into executing harmful commands through deceptive prompts. The attack chain involves pasting a hex-encoded command into Windows Terminal, which opens additional Terminal and PowerShell instances, leading to a PowerShell process that decodes a script. This process downloads a ZIP payload containing a renamed 7-Zip binary, which extracts files and initiates a multi-stage attack, including retrieving payloads, establishing persistence, configuring Microsoft Defender exclusions, exfiltrating data, and deploying Lumma Stealer by injecting it into "chrome.exe" and "msedge.exe." Lumma Stealer targets browser artifacts to harvest credentials. A secondary attack pathway involves downloading a batch script that writes a Visual Basic Script to the Temp folder and connects to Crypto Blockchain RPC endpoints, also using QueueUserAPC() for code injection into browsers to extract data.

AppWizard

March 4, 2026

Meet Vera Report, The App That Lets You Whistleblow Anonymously From a Smartphone Using Telegram Messenger

AlphaTON Capital Corp. and the Midnight Foundation have launched Vera Report, an anonymous reporting platform utilizing privacy-preserving blockchain technology and confidential computing for real-time reporting of fraud, waste, and abuse. A report by the Government Blockchain Association reveals an annual loss of billion to trillion due to federal fraud in the U.S. and highlights that whistleblower cases have recovered .3 billion under the DOJ’s False Claims Act in FY 2025. Despite potential savings of 0 billion from a 20% reduction in fraud, 31% of employees fear retaliation for reporting. Vera Report allows users to report fraud anonymously through a Telegram application, employing Zero-Knowledge Proofs, Confidential Computing, Blockchain Verification, Decentralized Storage, Automatic Metadata Stripping, and AI Credibility Assessment to protect submitters’ identities and improve reporting efficiency.

Winsage

March 1, 2026

Hackers Abuse Windows File Explorer and WebDAV for Stealthy Malware Delivery

Cybercriminals are exploiting a legacy feature in Windows File Explorer, specifically the WebDAV protocol, to distribute malware and bypass traditional security measures. Despite Microsoft deprecating native WebDAV support in November 2023, it remains active on many systems. Attackers use WebDAV to deceive victims into executing malicious payloads by sending links that connect File Explorer directly to remote servers, avoiding web browsers and their security warnings. They employ methods such as direct linking, URL shortcut files, and LNK shortcut files to deliver exploits. The primary objective of these campaigns, which surged in late 2024, is to deploy Remote Access Trojans (RATs), with 87% of Active Threat Reports involving multiple RATs like XWorm RAT, Async RAT, and DcRAT. These campaigns predominantly target corporate networks in Europe, with many phishing emails written in German and English. Attackers use short-lived WebDAV servers hosted on Cloudflare Tunnel demo accounts to obscure their infrastructure. Security analysts are advised to monitor unusual network activity from Windows Explorer and educate users to verify addresses in File Explorer.

Winsage

February 26, 2026

PoC Published for Microsoft Windows Flaw That Allows Low-Privileged Users to Force Irrecoverable BSODs

Security researchers have developed a working Proof of Concept (PoC) exploit for a vulnerability in the Windows kernel, identified as CVE-2026-2636, which allows low-privileged users to induce a Blue Screen of Death (BSoD), resulting in a Denial of Service. This vulnerability is linked to the Windows Common Log File System (CLFS) driver, specifically the CLFS.sys component, and arises from improper handling of invalid or special elements within CLFS (CWE-159). The PoC demonstrates that a non-administrative user can trigger the bug by executing a crafted ReadFile operation on a handle linked to an opened .blf log file without the expected I/O Request Packet (IRP) flags set. This leads to a critical inconsistency in the driver, causing Windows to invoke the kernel routine KeBugCheckEx, which results in a BSoD. The CVE-2026-2636 has a CVSS score of 5.5 (Medium) and poses a high impact on availability, allowing any authenticated user to crash the host reliably. Microsoft addressed this vulnerability in the September 2025 cumulative update, protecting systems running Windows 11 2024 LTSC and Windows Server 2025 by default. However, older or unpatched builds remain vulnerable. Organizations are advised to verify the deployment of the September 2025 updates, prioritize patching multi-user systems, and monitor for unusual spikes in BSoD events.

AppWizard

February 24, 2026

Meta executive called Facebook Messenger encryption plan irresponsible court filing shows

Meta is implementing end-to-end encryption across its messaging services for Facebook and Instagram despite internal warnings about potential risks to child safety. Internal documents reveal that executives, including Monika Bickert, expressed concerns that the encryption would hinder the company's ability to report child exploitation incidents to law enforcement. A lawsuit filed by New Mexico Attorney General Raul Torrez accuses Meta of enabling predators to access underage users, leading to potential abuse and human trafficking. The New Mexico case is notable as it is the first against Meta to reach a jury amid heightened scrutiny regarding the safety of young users. Over 40 attorneys general are also pursuing claims that Meta's products contribute to youth mental health issues, and various school districts have filed lawsuits. Internal communications indicated that senior safety executives were worried about the implications of encryption, predicting a significant drop in reporting child exploitation cases. A briefing document from February 2019 estimated that child exploitation reporting would decrease by 65% if Messenger were encrypted. In response to these concerns, Meta spokesperson Andy Stone stated that the apprehensions from 2019 led to the development of additional safety features prior to the launch of encrypted messaging in 2023, including special accounts for underage users to protect them from adult contacts they do not know.

AppWizard

February 20, 2026

Google banned 80,000 developer accounts, blocked 27 million dangerous apps from outside Google Play and more: How Google kept Android users safe in 2025 – The Times of India

Google's annual review highlighted its security measures for Android and Google Play, reporting that in 2025, it prevented over 1.75 million policy-violating apps from being published and banned more than 80,000 developer accounts. Google Play conducted over 10,000 safety checks on every app, blocked 160 million spam ratings, and Google Play Protect scanned over 350 billion Android apps daily. New fraud protection features were introduced, blocking 266 million risky installations and protecting users from 872,000 high-risk applications. Developer tools were enhanced with Play Policy Insights and expanded pre-review checks, while the Play Integrity API conducted over 20 billion checks daily. Google plans to invest further in AI-driven defenses and implement developer verifications in 2026.

AppWizard

February 20, 2026

Google cleans house, bans 80,000 developer accounts from the Play Store

Google blocked the publication of over 1.75 million policy-violating applications on its Google Play platform in 2025 and took action against over 80,000 developer accounts attempting to introduce harmful apps. The company conducted more than 10,000 safety checks on every app and integrated generative AI models into its app review process, preventing over 255,000 apps from gaining excessive access to sensitive user data. Google blocked 160 million fake or manipulated ratings and reviews in the previous year and identified more than 27 million new malicious apps from outside Google Play, thwarting 266 million risky installation attempts in 2025. Google introduced in-call scam protection to prevent users from disabling Google Play Protect during phone calls. The Play Policy Insights tool provides developers with real-time feedback, and the Play Integrity API performs over 20 billion daily checks to prevent abuse. Google plans to extend developer verification to all developers and has implemented protections for sensitive data in Android 16.