actors Archives

Winsage

April 10, 2026

Windows Zero-Day Published on Github as Microsoft Fails to Act

A security researcher named Chaotic Eclipse published a working exploit for a Windows zero-day vulnerability, called BlueHammer, on GitHub on April 2. The exploit allows attackers to gain SYSTEM-level privileges by exploiting a race condition in Windows Defender’s signature update mechanism. The exploit has gained significant attention, with over 100 forks and nearly 300 stars on GitHub. Will Dormann, a principal vulnerability analyst, confirmed that while BlueHammer is functional, it may not always operate reliably. Microsoft has not issued a patch for this vulnerability. The exploit targets the Windows Defender signature update process, allowing low-privilege attackers to manipulate a file path during operation, leading to access to the Security Account Manager (SAM) database. Currently, only 8 out of 72 cybersecurity vendors on VirusTotal flag the exploit file as malicious, which raises concerns about detection coverage. Microsoft reiterated its commitment to coordinated vulnerability disclosure but did not address the communication issues regarding the BlueHammer report.

Winsage

April 9, 2026

BlueHammer: Windows zero-day exploit leaked

A proof-of-concept (PoC) exploit called BlueHammer has been released on GitHub, targeting an unpatched local privilege escalation vulnerability in Windows. The exploit, attributed to users Chaotic Eclipse and Nightmare Eclipse, has been modified by security researchers to work on updated versions of Windows 10, 11, and Windows Server. The exploit manipulates Microsoft Defender to create a Volume Shadow Copy, allowing access to sensitive registry files and enabling the extraction of NTLM password hashes. This facilitates the alteration of a local Administrator's password and subsequent login. The exploit can duplicate the Administrator's security token and create a malicious Windows Service that runs with SYSTEM privileges. While there are no reports of BlueHammer being exploited by malicious actors, researchers warn that such PoC code can be weaponized quickly. Microsoft has committed to investigating reported security issues related to this vulnerability.

Winsage

April 7, 2026

Disgruntled researcher drops “BlueHammer” Windows zero-day LPE exploit

A security researcher, known as "Nightmare-Eclipse," released proof-of-concept exploit code for a Windows zero-day vulnerability called "BlueHammer," which allows local privilege escalation (LPE). The exploit has been validated by another researcher, Will Dormann, who confirmed it can escalate privileges on Windows systems, allowing non-administrative users to gain SYSTEM-level access. The exploit's reliability varies across different Windows versions, with inconsistent success rates reported. Microsoft has not acknowledged the vulnerability or provided a patch, raising concerns about potential exploitation by threat actors. Users are advised to restrict local user access, monitor for suspicious activity, and enable advanced endpoint protection.

AppWizard

April 7, 2026

I watched the first TV show ever based on a game and it made me realize: we’ve really got it good these days

The animated series Pac-Man, produced by Hanna-Barbera from 1982 to 1983, features characters such as Pac-Man, Ms. Pac-Man (Pepper), and Pac-Baby living in Pac-Village, which is governed by the Pac-President and protected by Super-Pac. The series includes antagonists like Mezmaron and a group of ghost monsters: Inky, Blinky, Pinky, Clyde, and Sue. Mezmaron seeks to capture Pac-Man for his knowledge of Power Pellets, which grow on Power Pellet Trees in the Power Pellet Forest. The show consists of 44 episodes over two seasons and often concludes with Pac-Man consuming the ghosts, who then return to Mezmaron in new ghost suits. The humor is aimed at children but lacks cleverness, and notable voice actors include Peter Cullen and Alan Lurie. The second season introduced a younger version of Pac-Man named PJ and increasingly bizarre plots.

Tech Optimizer

April 6, 2026

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Cybersecurity researchers have discovered 36 malicious packages in the npm registry that impersonate Strapi CMS plugins. These packages exploit Redis and PostgreSQL, deploy reverse shells, harvest credentials, and establish persistent implants. Each package consists of three files—package.json, index.js, and postinstall.js—without descriptions or repositories, and all use version 3.6.8 to mimic legitimate Strapi plugins. The malicious packages follow a naming convention starting with "strapi-plugin-" and were uploaded by four accounts within 13 hours. The identified packages include names like strapi-plugin-cron, strapi-plugin-database, and strapi-plugin-server. The malicious code is embedded in the postinstall script, executing automatically upon installation with the same privileges as the user. The payloads evolve from exploiting Redis for remote code execution to attempting direct PostgreSQL database exploitation and deploying persistent implants for remote access. The campaign appears to target cryptocurrency platforms, as indicated by the focus on credential theft and digital assets. Users of these packages are advised to assume compromise and rotate credentials. This incident reflects a broader trend of supply chain attacks in the open-source ecosystem, with recent examples including credential exfiltration payloads in GitHub repositories and compromised GitHub Actions workflows. Group-IB reported that software supply chain attacks are increasingly reshaping the cyber threat landscape, targeting trusted vendors and open-source software to gain access to downstream organizations.

AppWizard

April 3, 2026

NCSC warns of messaging app targeting by Russia-linked actors

The UK National Cyber Security Centre (NCSC) has warned of an increase in cyber threats from Russia-based actors, targeting high-risk individuals through messaging applications like WhatsApp, Signal, and Messenger. These threats involve deceptive tactics such as coaxing users for login codes, unauthorized device access, group chat infiltration, impersonation of trusted contacts, and phishing links. The targeting is linked to state-affiliated groups from Russia, China, and Iran. High-risk individuals are those with access to sensitive information or influential roles. The NCSC recommends several protective measures: enabling two-step verification, not sharing verification codes, monitoring linked devices, being cautious with unknown contacts, limiting personal app use for work, and using disappearing messages to reduce data exposure.

AppWizard

April 1, 2026

NCSC warns of messaging app targeting | National Cyber Security Centre

The National Cyber Security Centre (NCSC) has issued guidelines for individuals vulnerable to targeted attacks via messaging applications, particularly due to increased malicious activities from actors based in Russia. High-risk individuals, such as those with access to sensitive information, are especially susceptible. Past incidents involve state-affiliated groups like APT31 from China, the Russian FSB actor Star Blizzard, and Iran's IRGC targeting government officials. Attackers may use deceptive methods to obtain login codes, add devices to accounts, infiltrate group chats, impersonate contacts, and execute phishing attempts. To mitigate risks, individuals should avoid sharing sensitive information via messaging apps, use corporate services for work-related communications, refrain from sharing verification codes, activate two-step verification, utilize passkeys, regularly review linked devices, stay alert for impersonations, and consider using disappearing messages. The NCSC also provides guidance for enhancing account and device security for high-risk individuals.

AppWizard

March 31, 2026

Smaller Minecraft updates like Tiny Takeover and Chaos Cubed “feel more sustainable” for Mojang, says lead: “There’s always another one right around the corner”

Mojang is shifting its focus to smaller, more frequent updates for Minecraft, such as the Tiny Takeover and the upcoming Chaos Cubed, while still considering the possibility of larger updates in the future. Product manager Anna Lundgren stated that this new approach feels "more sustainable" and allows for diverse content, catering to different player preferences. Although the community desires larger updates reminiscent of earlier versions, Lundgren assured that the team is flexible and can produce updates of varying sizes. Additionally, Mojang has incorporated real animal voice actors for new sounds in the game.

AppWizard

March 30, 2026

Google Significantly Restricts Popular Android Feature

Google is transforming the Android operating system to enhance security by imposing stricter regulations on app distribution, particularly affecting sideloading. Developers will be categorized as verified or unverified, with registered developers benefiting from a streamlined app distribution process. New regulations will introduce a four-step process for installing apps from external sources, including a 24-hour timer before installation. This aims to deter fraud but may discourage users from pursuing alternative apps. The restrictions could limit opportunities for independent developers and reduce the diversity of available applications on the platform, shifting Android towards a more controlled environment.

AppWizard

March 29, 2026

The director of Tales of Kenzera: Zau learned his most important game development lesson while working with Ridley Scott: ‘That’s why we’re able to make games faster’

Surgent Studios faced challenges after the commercial failure of their first game, Tales of Kenzera: Zau, leading to layoffs and potential redundancy for the entire team by October 2024. However, the studio rebounded by launching two new games, including the horror game Dead Take in 2025, which was well-received on Steam. This shift in strategy focused on smaller, more sustainable projects rather than lengthy development cycles. The experience gained from Zau contributed to the studio's efficiency in producing new games. Salim, the studio's director, also created a child-friendly multiplayer game called FixForce. He remains open to larger projects in the future but acknowledges the competitive nature of the gaming market.