artifacts Archives

Winsage

March 23, 2026

Microsoft announces changes to Windows 11: movable taskbar, less Copilot and improved update control

Microsoft is rolling out enhancements for Windows 11 in test builds for Windows Insider members during March and April of 2026. Key updates include: - Users can now reposition the taskbar to the top or sides of their screens and access more personalization settings. - The integration of the Copilot feature will be reassessed across applications like Snipping Tool, Photos, Widgets, and Notepad, focusing on specific use cases. - Windows Update will allow users to skip updates during initial setup, shut down or restart without mandatory updates, pause updates for extended periods, and reduce the frequency of automatic restarts and notifications. - File Explorer will see performance upgrades, including faster startup times, fewer visual artifacts, and enhanced stability. - The Feedback Hub will have an updated interface for easier feedback submission and improved visibility of user messages. - Future developments for Windows 11 will focus on enhancing system performance, stability, and predictability, reducing resource consumption, boosting application speed, improving driver stability, minimizing crashes, enhancing peripheral connectivity, and ensuring reliable updates. - There will be ongoing improvements to the Windows Subsystem for Linux to enhance file operations between Windows and Linux environments.

AppWizard

March 21, 2026

I’ve spent over 100 hours in Crimson Desert—here are my top 20 quick tips to triumph in Pywel

1. Ring the bell in each city to unlock the regional map and reveal points of interest. 2. Spend your first Abyss Artifacts on health and stamina, prioritizing stamina for early boss encounters. 3. Complete Requests from the notice board to gain more inventory space or purchase extra slots at shops. 4. The Force Palm ability is effective for puzzles and boss fights, especially with the Level 3 upgrade. 5. You can heal your horse by using the Force Palm ability. 6. Petting and feeding your horse unlocks new skills, such as double jumping. 7. Refine your gear at the Smithy using copper and iron ore, and look for Bloodstone for maximum refinement. 8. Kicking is an effective tactic against humanoid bosses and enemies. 9. Mysterious Energy areas on the map often hide fast travel points or puzzles. 10. Completing Sealed Abyss Artifact challenges yields Abyss Gears and Faded Abyss Artifacts for respecs. 11. Hold up your lantern to locate Sealed Abyss Artifacts, which shine with a white circle. 12. Sell learned recipes for profit and participate in various contests for quick cash. 13. Use CTRL (or LB on controller) to investigate vendor inventories for hidden items. 14. Steal carefully to avoid losing Contribution points, which are needed for better gear. 15. Use grindstones and anvils to temporarily increase weapon damage and armor protection. 16. Cook and equip food for quick healing access during battles. 17. The Blinding Flash ability can burn obstacles and reveal powered cables for puzzles. 18. Observe enemies and bosses to learn new skills for free. 19. Keep your guard up and upgrade Keen Senses to Level 2 for better dodging and parrying. 20. Palmar Pills found during main quests restore 30% HP upon death instead of forcing a respawn.

AppWizard

March 19, 2026

New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data

Cybersecurity researchers have identified a new family of Android malware called Perseus, designed for device takeovers and financial fraud. It utilizes Accessibility-based remote sessions for real-time monitoring and interaction with infected devices, particularly targeting Turkey and Italy. Perseus monitors user notes to extract personal or financial information and is distributed through dropper applications via phishing websites. It expands on the codebase of previous malware like Phoenix and employs disguises as IPTV services to reduce user suspicion. Once operational, it performs overlay attacks and captures keystrokes to steal credentials from financial applications. The malware allows operators to issue commands through a command-and-control panel, enabling various malicious actions, including capturing note content and initiating remote visual streams. Perseus also conducts environment checks to evade detection and ensure it operates on legitimate devices.

Winsage

March 6, 2026

Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer

Microsoft revealed a social engineering campaign named ClickFix that exploits the Windows Terminal application to deploy Lumma Stealer malware. Detected in February 2026, this campaign instructs users to access Windows Terminal using the Windows + X → I shortcut, enhancing its perceived legitimacy. Attackers evade detection by manipulating users into executing harmful commands through deceptive prompts. The attack chain involves pasting a hex-encoded command into Windows Terminal, which opens additional Terminal and PowerShell instances, leading to a PowerShell process that decodes a script. This process downloads a ZIP payload containing a renamed 7-Zip binary, which extracts files and initiates a multi-stage attack, including retrieving payloads, establishing persistence, configuring Microsoft Defender exclusions, exfiltrating data, and deploying Lumma Stealer by injecting it into "chrome.exe" and "msedge.exe." Lumma Stealer targets browser artifacts to harvest credentials. A secondary attack pathway involves downloading a batch script that writes a Visual Basic Script to the Temp folder and connects to Crypto Blockchain RPC endpoints, also using QueueUserAPC() for code injection into browsers to extract data.

AppWizard

March 6, 2026

Building realistic Minecraft worlds with Open Data on AWS: How Arnis uses elevation datasets at scale

Arnis is an open-source tool that transforms real-world locations into Minecraft experiences using geospatial data from Amazon Web Services (AWS). It recently migrated to Terrain Tiles, a global elevation dataset, which has reduced data retrieval costs and improved accessibility for nearly 300,000 users. Users can select geographic regions and customize parameters to generate locations in Minecraft, with the conversion process occurring locally on their machines. The integration of elevation data was a key feature, achieved through a processing pipeline designed by contributors after consulting GIS specialists. This pipeline allows accurate terrain rendering globally, even in areas with significant elevation variations. The transition to Terrain Tiles eliminated the need for a commercial provider, simplifying the codebase and removing account-bound authentication for data access. Previously, users made around 2,000,000 elevation tile requests over three months, incurring substantial costs. Now, users benefit from free access to the Terrain Tiles dataset, enhancing the elevation feature's reliability and accessibility. The Arnis processing pipeline operates on the client’s machine without backend services or API keys, involving steps such as calculating tile coordinates, fetching terrain tiles from AWS, decoding them, applying smoothing, and voxelizing the map data. A local cache is used to minimize redundant reads, and the system defaults to flat terrain if the endpoint is temporarily unavailable. Future developments include a public Minecraft server for exploring generated worlds without downloading the application, automatic region selection for optimized data retrieval, expanded landform detection for better representations, and a terrain-only mode for custom city planning and adventure map creation.

Tech Optimizer

February 24, 2026

Fake Huorong Site Delivers ValleyRAT Backdoor in Targeted Malware Campaign

A cyber operation is targeting users of Huorong Security antivirus software through a typosquatted domain, huoronga[.]com, which mimics the legitimate site huorong.cn. Users who mistakenly visit the counterfeit site may download a file named BR火绒445[.]zip, which contains a trojanized installer that leads to the installation of ValleyRAT, a remote access trojan. The malware employs various techniques to evade detection, including using an intermediary domain for downloads, creating Windows Defender exclusions, and establishing a scheduled task for persistence. The backdoor facilitates activities such as keylogging and credential access while disguising its operations within legitimate processes like rundll32.exe. Attribution points to the Silver Fox APT group, and there has been a significant increase in ValleyRAT samples documented in recent months. Security measures include ensuring software downloads are from the official site and monitoring for specific malicious activities.

AppWizard

February 21, 2026

Epic Games Store PC Weekly Free Games 19/02/2026

From 4 PM GMT on February 19, 2026, to 4 PM GMT on February 26, 2026, the Epic Games Store is offering free downloads of Return To Ash and STALCRAFT: X Starter Edition. Return To Ash is published and developed by Serenity Forge, featuring a narrative set in a quiet hospital. STALCRAFT: X Starter Edition is published and developed by EXBO, offering MMOFPS gameplay with RPG elements and includes a Starter Pack with a 7-day Premium membership, weapons, armor, artifacts, and cosmetics.

Winsage

February 20, 2026

Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets

Attackers are using social media advertising, specifically paid Facebook ads, to promote a malware campaign disguised as legitimate Microsoft promotions. They create near-exact replicas of the official Windows 11 download page to lure users into downloading malicious software. The deceptive domains used include ms-25h2-download[.]pro and ms-25h2-update[.]pro. The malware campaign employs geofencing to selectively target victims, redirecting security researchers to benign sites while delivering malware to unsuspecting users. The malicious file, named ms-update32.exe, is hosted on GitHub and mimics the size of a legitimate Windows installer. Once executed, it checks for monitoring tools and, if none are detected, installs an application named "Lunar" that collects sensitive data, including cryptocurrency wallet information. The malware maintains persistence by writing data to the Windows registry and employs various obfuscation techniques to evade detection. The attackers run parallel ad campaigns with different Facebook Pixel IDs to ensure continued operation even if one is suspended. Indicators of compromise include specific file hashes, domains, file system artifacts, and registry keys associated with the malware.

Winsage

February 15, 2026

Windows 11 KB5077181 fixes gaming bugs, Nvidia black screen, and performance issue affecting explorer.exe, taskbar, and Start menu

Windows 11 KB5077181 is a mandatory update that resolves up to 58 critical vulnerabilities, including a serious flaw in Windows Notepad that could allow for remote code execution. It introduces new features like an Apple Handoff-like Resume function and addresses gaming issues, particularly graphical artifacts in games such as Forza Horizon 5. The update fixes the black screen problem affecting certain Nvidia GPUs and resolves issues related to explorer.exe freezing or crashing upon login. Microsoft has confirmed that the update addresses black screen problems in isolated multiuser environments and rectifies boot failures linked to specific GPU configurations. Users can check if the update is installed by navigating to Settings > System > About, with the latest version being Build 26200.7840 or newer.

Winsage

February 11, 2026

Windows shortcut files targeted by ransomware gang Global Group

The Global Group ransomware operates in a mute mode, executing all activities locally on the compromised system without communicating with a command and control server. It generates the encryption key directly on the host machine, meaning no data is exfiltrated despite claims in its ransom note. This method streamlines the attack process, minimizes detection risks, and allows for quicker execution of attacks, targeting more victims while making data exfiltration unnecessary for compelling ransom payments.