APIs

Winsage
June 25, 2026
Component Object Model (COM) is a technology in Windows that enables object activation, inter-process communication, and automation across different programming languages. Malware abuses COM interfaces for activities such as lateral movement, execution, downloading, exfiltration, persistence, evasion, system discovery, and automation of Windows and Office functionality. Reverse engineering COM-heavy binaries involves navigating GUIDs and indirect vtable calls to understand malware mechanics. Research presented at the AVAR 2025 conference and the CARO 2026 workshop discusses methodologies for analyzing COM binaries and case studies of malware families that utilize COM. COM is an application binary interface (ABI) model that allows software components to be reused and enables interaction between different programming languages through interfaces defined at the binary level. Distributed COM (DCOM) allows clients to activate COM objects on remote systems. COM classes are identified by unique class identifiers (CLSIDs), and interfaces by interface identifiers (IIDs). The Windows registry stores COM registration data, with classes and interfaces located under specific keys. Malware often acts as a COM client, utilizing the COM runtime to instantiate classes and request interfaces. ProgIDs provide human-readable registry entries for COM classes. The CoCreateInstance function creates class objects by resolving CLSID registrations. All COM interfaces derive from IUnknown, which manages object lifetimes and interface querying. COM has its own security model, and identifying the classes and interfaces used by malware is crucial for threat researchers. Tools like ComView and OleView.NET assist in inspecting COM registrations. The analysis workflow includes identifying activation API calls, extracting CLSID and IID values, consulting registry definitions, and mapping vtable calls.
Qakbot, a banking trojan, exemplifies the use of COM in malware, with its architecture enabling malicious activities like credential theft. Dynamic analysis tools can log COM-related calls in real-time to trace execution flow. Notable malware families that utilize COM include Gh0stRAT, which uses Task Scheduler COM interfaces, and the Attor platform, which employs BITS for file transfers. WarmCookie demonstrates the use of COM for persistence through Task Scheduler. Understanding COM's role in malware is essential for cybersecurity professionals.
AppWizard
June 19, 2026
Google, Honor, OPlus, Samsung, Transsion, vivo, and Xiaomi are key players in enhancing app distribution platforms. Google is introducing new APIs to simplify the registration process for developers, including the Android Developer ID Status API and the Android Developer Console API. This month, Google will implement a new system service (com.google.android.verifier) on Android 8 or later devices to restrict the installation of unverified applications, although it will remain inactive until verification is launched in specific regions. In July, new developer APIs will roll out, and testing for "limited distribution" accounts will begin, allowing hobbyists to share apps without fees or ID verification on up to 20 devices. By August, an advanced app verification flow will be globally accessible, allowing users to bypass verification through a complex process. In September, Brazil, Indonesia, Singapore, and Thailand will start verifying app installation status, with plans for expanded developer verification by 2027.
AppWizard
June 18, 2026
Epic Games unveiled developments for Unreal Engine 6 at the State of Unreal event in Chicago, highlighting its evolution from Unreal Engine 5. The new engine will incorporate features from Fortnite and UEFN (Unreal Editor for Fortnite), which allows users to create game levels easily. Unreal Engine 6 will adopt open standards for tools, code, and APIs to simplify development across industries. The anticipated release is set for 2027, with early access expected by the end of that year. Verse, a new scripting language, will be central to the gameplay programming model, while C++ will remain foundational. The Scene Graph will replace the existing gameplay framework, and artificial intelligence will play a larger role, with the UE5.8 release introducing the MCP server plugin for deploying large language models.
Winsage
June 17, 2026
The Windows variant of SprySOCKS malware, developed by the Chinese threat group Earth Lusca, targets government entities globally and features advanced capabilities such as rootkit-level stealth and extensive command-and-control (C2) functionalities. It operates on Windows systems, utilizing two main variants: WINDRV, which includes kernel drivers for stealth operations, and WINPLUS, a streamlined backdoor. The malware can communicate over TCP, UDP, and WebSocket, offering over 30 C2 commands for various operations, including system information gathering and keystroke logging. WINDRV loads a driver named ‘RawWNPF’ into memory using another signed kernel driver, allowing it to conceal processes and achieve persistence. The malware's design incorporates open-source elements and exploits vulnerabilities in the software supply chain, notably using a leaked certificate for driver signing. To combat SprySOCKS, organizations are advised to implement advanced endpoint detection and response (EDR) solutions, maintain regular patching, and manage supply chain risks vigilantly. The malware's adaptability and reliance on legitimate certificates complicate detection efforts, necessitating continuous refinement of security practices.
Winsage
June 15, 2026
Copilot+ PCs were introduced by Microsoft in 2024 to integrate advanced AI capabilities into personal computing. An experimental Windows App SDK is now available on GitHub, allowing users to run Language Model APIs on supported Nvidia GeForce RTX 30-series GPUs with a minimum of 6GB of VRAM. This capability requires the Windows Insider Experimental Channel and Developer Mode activation, enabling local AI inferencing on devices without dedicated NPU hardware. Microsoft's shift away from promoting Copilot+ PCs may be influenced by fluctuating RAM prices and aims to make AI functionality more accessible to a broader user base. In 2024, a research firm noted that consumer interest in AI PCs was driven by the need to upgrade to available models, a trend continuing into 2026 due to a shortage of memory and storage chips, resulting in rising computer prices and declining sales of PCs and components. Projections indicate that entry-level laptops may disappear by 2028. The lack of consumer interest in NPU-equipped PCs could impede the adoption of Copilot+ features, prompting Microsoft to expand AI functionality to non-Copilot+ devices to enhance its user base and differentiate Windows 11 from competitors like macOS and Linux.
Tech Optimizer
June 14, 2026
Neon and Supabase are two managed PostgreSQL platforms with distinct approaches. Neon adopts a serverless architecture that separates storage and compute, allowing databases to scale to zero when idle and enabling rapid database branching. Supabase, in contrast, provides a comprehensive backend-as-a-service that includes authentication, file storage, real-time subscriptions, and edge functions, all built around PostgreSQL. In 2025, Databricks acquired Neon for approximately billion, motivated by the observation that around 80% of databases created on Neon were generated by AI agents. Post-acquisition, users experienced reduced storage costs and improved pricing structures, although concerns arose regarding Neon's independence. Neon features instant database branching and a scale-to-zero capability, while Supabase offers a fully integrated backend with built-in authentication and storage. Neon operates on a usage-based pricing model, whereas Supabase has a flat-tier pricing structure. Both platforms support the pgvector extension for AI applications, but Supabase is fully open-source and allows for self-hosting, unlike Neon. The developer community recognizes Supabase for its ease of use and rapid application development capabilities, while Neon is praised for its innovative serverless features and cost efficiency. Migration between the two platforms is simplified due to their shared PostgreSQL foundation.