activity Archives

Winsage

April 20, 2026

Original Task Manager creator explains why it lies to you about CPU usage — former Microsoft engineer shows unique solution to a seemingly simple, but actually complicated, task

Dave Plummer, a former Microsoft engineer and architect of the original Task Manager, explained the complexities of measuring CPU usage. He noted that the process is not as simple as it seems, as CPU activity can vary across different cores and the timing of measurements can influence results. The Task Manager accounts for various states of CPU activity, including user mode, kernel mode, interrupt time, deferred procedure calls, and idle loops, making the measurement of CPU utilization a complex task rather than a straightforward one.

Winsage

April 19, 2026

14 defaults I think are worth changing: Windows 11 feels modern, but many out‑of‑box settings push services, tracking, and clutter.

Windows 11 has default settings that prioritize background services, cloud integration, and recommendations, which can lead to user frustration. Key issues include: - Diagnostic data collection is enabled by default, requiring users to opt out rather than opt in, with no complete opt-out option available. - Post-setup prompts can disrupt workflow, and users can disable them in Settings > System > Notifications. - The default Taskbar includes features like Widgets and Copilot, which can clutter the interface; users can unpin unwanted icons. - Users are encouraged to sign in with a Microsoft account during setup, but can create a local account instead. - Preinstalled applications may clutter the Start menu, and users can uninstall them through Settings > Apps. - Automatic updates can disrupt user activity, and users can schedule restarts in Settings > Windows Update. - Device encryption is enabled by default, with recovery keys saved to a Microsoft account; users should back up the key offline. - The "Find my device" feature requires ongoing location tracking, which can be disabled in Settings > Privacy & security. - File extensions are hidden by default, which can hinder usability; users can enable them in File Explorer settings. - The redesigned context menu hides advanced options, accessible via Shift + Right-click. - Promotional content is integrated throughout the OS, and while it cannot be fully disabled, users can limit suggestions in settings. - Microsoft Edge can consume system resources upon startup due to background processes, which can be disabled in Edge settings.

Winsage

April 18, 2026

RedSun: Windows 0day when Defender becomes the attacker

A vulnerability has been discovered in Windows Defender that allows standard users to exploit a logic error in the file remediation process, enabling code execution with elevated privileges without administrative access. This flaw, identified by security researcher Chaotic Eclipse, occurs because Windows Defender does not verify if the restoration location of flagged files has been altered through a junction point. The exploit, named RedSun, takes advantage of a missing validation in the MpSvc.dll file, allowing attackers to redirect file restoration to the C:WindowsSystem32 directory. RedSun operates by chaining together four legitimate Windows features: Opportunistic Locks (OPLOCKs), Cloud Files API, Volume Shadow Copy Service (VSS), and Junction Points. The execution of the exploit involves monitoring shadow copies, triggering Defender's detection, synchronizing OPLOCKs, and ultimately writing malicious binaries to the System32 directory. The root cause is the lack of reparse point validation in the restoration process, and currently, no patch or CVE has been assigned for this vulnerability. It affects Windows 10, Windows 11, and Windows Server 2019 and later, and organizations are advised to implement behavioral detection strategies until a fix is available.

AppWizard

April 17, 2026

My full guide to Pragmata after spending 18 hours shepherding my space daughter

Pragmata features a blend of nostalgia and innovation in gaming, with early levels that have a linear design and complex currencies. A notable gameplay mechanic is hacking, which increases damage to enemies and turns them into 'OPEN' targets, especially useful against bosses. The weapon system allows players to equip four types of firearms, with some functioning as consumables. Healing is managed through limited Repair Canisters, which can be replenished at the Cradle hub area. The Shelter serves as a central hub for upgrades and interactions, with players able to enhance it and unlock new facilities. Various activities and collectibles are available, including challenge arenas and hidden items. A New Game+ mode becomes available after completing the main storyline, allowing players to restart with all gear and upgrades, alongside a more challenging difficulty setting. The game has an approximate playtime of ten hours for the main story and up to 20 hours for full completion.

Winsage

April 16, 2026

Fake Proton VPN sites are pushing NWHStealer malware to Windows users

A malware campaign is utilizing counterfeit Proton VPN websites and other deceptive tactics to distribute a Windows infostealer known as NWHStealer. This malware extracts sensitive information, including browser credentials and cryptocurrency wallet details, and operates stealthily by injecting itself into legitimate processes. Two primary infection vectors have been identified: malicious ZIP archives on a free web hosting platform and trojanized installers from fake Proton VPN sites. The malware employs DLL hijacking and can exfiltrate data to a command-and-control server while ensuring persistence through scheduled tasks and disguising payloads as legitimate system processes. It also exploits the Windows cmstp.exe utility to bypass User Account Control. Users are advised to avoid downloading software from unofficial sources and to verify file signatures and publisher information.

AppWizard

April 16, 2026

Easy as pie: Google’s Gemini uses your memories for AI photos that feel personal

A personalization upgrade for Google's Gemini has been rolled out, enhancing its image generation capabilities through Personal Intelligence and the Nano Banana 2. Users can request personalized photos using simple prompts, as the AI analyzes their photo library and video archives. This feature will be available soon for subscribers of the AI Pro, Plus, and Ultra tiers. By connecting the Photos app to Personal Intelligence, users can enable the AI to create tailored images based on actual memories. Nano Banana 2, launched in February, has improved speed and precision, offering generated content in resolutions from 512px to 4K.

AppWizard

April 16, 2026

Steam Users Have One Day to Get This 2025 PC Game for Free

Steam users have 24 hours to claim the multiplayer storytelling party game, Write Warz, for free before it transitions to a paid model after April 17. To secure free access, players must download, launch the game, and participate in a match. Write Warz, developed by Boltz Entertainment, has a 75% approval rating from users. Reviews highlight its innovative concept and creativity. Compatibility with the Steam Deck is currently listed as "Unknown." The game is designed for multiple players, with most users reporting only a few hours of gameplay.

Tech Optimizer

April 15, 2026

Bitdefender Total Security

Bitdefender Total Security includes features such as a network security inspector, advanced ransomware defense, a hardened browser, and an active Do Not Track system. It offers a two-tier pricing model: an individual subscription for .99 per year for five licenses and a family subscription for .99 for 25 licenses, which includes parental controls. The software features an interface similar to Bitdefender Antivirus Plus, with user-configurable buttons for quick access to features. It boasts high scores from independent antivirus testing labs and excels in malware protection and antiphishing tests. Bitdefender includes a SecurePass password manager, firewall protection, spam filtering, webcam protection, and cryptomining protection. The parental control features allow parents to manage their children's online activities, but they may not be as effective as dedicated solutions. Bitdefender Total Security provides protection for macOS and Android, with high ratings for its performance on these platforms. The Android app includes malware scanning, web protection, and anti-theft features. The Bitdefender Central app allows users to manage their security settings from mobile devices.

AppWizard

April 14, 2026

Mirax RAT Targets Android Devices Through Meta Apps

Mirax is a remote access Trojan (RAT) targeting Android devices in Spanish-speaking countries, identified by Outpost24's KrakenLabs in early March. It propagates fraudulent advertisements on Meta-owned applications, allowing cybercriminals to gain initial access. Mirax can interact with compromised devices in real time, converting them into residential proxy nodes through ads on platforms like Facebook and Instagram. It uses SOCKS5 protocol and Yamux multiplexing to establish proxy channels and uncover victims' IP addresses. The malware captures keystrokes, steals sensitive data, executes commands, and monitors user activity. It employs overlay pages to steal credentials and orchestrates distribution through Meta ads and GitHub for malicious APK files. Users are tricked into enabling installations from "unknown sources," and the malware disguises itself behind video playback features. Additionally, a threat actor has been offering Mirax as a malware-as-a-service (MaaS) on illicit forums, with subscription prices starting at ,500 for three months. This service is described as highly controlled and exclusive, primarily targeting Russian-speaking actors in underground communities.

Winsage

April 14, 2026

This fake Windows 11 24H2 update looks perfect, until it avoids antivirus and steals your passwords

Cybercriminals are using sophisticated tactics to deceive users, particularly with a counterfeit website posing as a legitimate Windows 11 update. This site operates under the domain microsoft-update[.]support and is designed to trick individuals into downloading malware that compromises sensitive information. The site is written in French and mimics a genuine cumulative update for Windows 11, version 24H2, featuring a convincing KB article number and a blue download button. The malware is packaged as a Windows update using the WiX Toolset 4.0.0.5512 and is labeled "WindowsUpdate 1.0.0.msi," with properties that suggest it is from Microsoft. At the time of analysis, VirusTotal showed no detections for the malware, which conceals its harmful code within an Electron shell, making it difficult to identify. Users are advised to download updates directly through the Windows Settings app or from Microsoft's official support hub.