artifacts

Winsage
June 19, 2026
The laptop has become a central tool in cybersecurity work, serving both as a malware-analysis workstation and for daily operations. The MacBook Neo and Windows-based models each have their advocates: Windows offers flexibility and compatibility, while macOS is favored for stability and build quality. Popular penetration-testing tools run on both platforms, but Windows laptops have an edge through better integration with x86 environments and specialized drivers. Virtualization is essential in this field, and Windows laptops with more RAM give a better experience when running several virtual machines at once, compared with the non-upgradable RAM of the MacBook Neo. Intensive tasks strain any system and call for careful resource management, especially on the MacBook Neo. Most malware is written for Windows, so analysts need to be familiar with Windows-specific tools and features. The MacBook Neo does well for tasks such as working with event logs and writing automation scripts, and its battery life and portability suit professionals who travel. Security considerations also weigh on the choice of operating system: Windows is a common target for attackers, whereas macOS enforces stricter access controls. Windows laptops offer more price flexibility and upgradeability, while the MacBook Neo prioritizes simplicity and build quality but cannot be upgraded. Ultimately, Windows is the better fit for malware analysis and virtual labs, while the MacBook Neo suits those focused on development and network analysis.
Winsage
June 17, 2026
The Windows variant of the SprySOCKS malware, attributed to the Chinese threat group Earth Lusca, targets government entities globally and features rootkit-level stealth and extensive command-and-control (C2) functionality. It comes in two variants: WINDRV, which uses kernel drivers for stealth, and WINPLUS, a streamlined backdoor. The malware communicates over TCP, UDP, and WebSocket and supports more than 30 C2 commands, including system information gathering and keystroke logging. WINDRV loads a driver named 'RawWNPF' into memory through another, signed kernel driver, which lets it conceal processes and maintain persistence. Its design incorporates open-source components and abuses the software supply chain, notably by signing drivers with a leaked certificate. To counter SprySOCKS, organizations are advised to deploy advanced endpoint detection and response (EDR) solutions, patch regularly, and manage supply-chain risk vigilantly. The malware's adaptability and its reliance on legitimately issued certificates complicate detection and require continuous refinement of defensive practices.
Winsage
June 16, 2026
Cybersecurity researchers have identified two new Windows variants of the SprySOCKS backdoor, named WINDRV and WINPLUS; the backdoor was previously thought to be exclusive to Linux systems. Both variants carry hard-coded command-and-control configurations and can communicate over TCP, UDP, and WebSocket. They support more than 30 commands for operations such as system information collection and file management. WINDRV employs kernel drivers for stealth, hiding network connections and allowing TCP traffic to be diverted. SprySOCKS was first documented by Trend Micro in September 2023 and linked to the Chinese state-sponsored threat actor Earth Lusca, also known as FishMonger. The Windows variants belong to SprySOCKS version 1.8 and use a kernel driver named RawWNPF for added stealth. The attack chain begins with an initial access step that drops a batch script, which then installs the backdoor. Evidence suggests these variants were used in attacks against government organizations in Honduras, Taiwan, Thailand, and Pakistan between 2023 and 2024; the WINPLUS variant was first detected in Pakistan in July 2024. There are also indications of a possible UEFI bootkit component exploiting CVE-2023-24932, a Secure Boot bypass in the Windows Boot Manager.
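Both SprySOCKS entries above hinge on the same detection problem: a kernel driver (RawWNPF) brought in through a signed loader driver, with a leaked certificate making signature status alone an unreliable signal. The following is an added example, not code from the articles or from Trend Micro's research, of a small hunt over Sysmon Event ID 6 (DriverLoad) records. The Sysmon field names (ImageLoaded, Signed, Signature, SignatureStatus) are real; the log records, the signer string "Leaked Publisher Ltd" and the watchlist are constructed for illustration.

```python
"""Hunt for suspicious kernel driver loads in Sysmon Event ID 6 records.

Added example: the driver name RawWNPF is taken from the SprySOCKS reporting;
the Sysmon field names are real, the event records below are constructed, and
the untrusted signer name is a hypothetical placeholder for a certificate an
organisation has marked as leaked or revoked.
"""
import re
from pathlib import PureWindowsPath

# Constructed Sysmon Event ID 6 records, flattened to key=value text.
SAMPLE_EVENTS = [
    'UtcTime=2026-06-01 10:00:00 ImageLoaded=C:\\Windows\\System32\\drivers\\tcpip.sys '
    'Signed=true Signature="Microsoft Windows" SignatureStatus=Valid',
    'UtcTime=2026-06-01 10:00:05 ImageLoaded=C:\\Windows\\Temp\\RawWNPF.sys '
    'Signed=true Signature="Leaked Publisher Ltd" SignatureStatus=Valid',
    'UtcTime=2026-06-01 10:00:06 ImageLoaded=C:\\Users\\Public\\loader.sys '
    'Signed=false Signature= SignatureStatus=Unsigned',
    'UtcTime=2026-06-01 10:00:07 ImageLoaded=C:\\Windows\\System32\\drivers\\ndis.sys '
    'Signed=true Signature="Microsoft Windows" SignatureStatus=Valid',
]

WATCHLIST_NAMES = {"rawwnpf.sys"}              # driver names from threat reporting
UNTRUSTED_SIGNERS = {"leaked publisher ltd"}   # hypothetical leaked/revoked signer
TRUSTED_DIRS = ("c:\\windows\\system32\\drivers\\",)

# key=value pairs; quoted values may contain spaces, unquoted ones may be empty.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S*)')


def parse_event(line):
    """Turn one flattened Sysmon record into a dict of field -> value."""
    return {key: val.strip('"') for key, val in FIELD_RE.findall(line)}


def classify(event):
    """Return the reasons a driver load looks suspicious (empty list if benign)."""
    reasons = []
    image = event.get("ImageLoaded", "")
    name = PureWindowsPath(image).name.lower()
    if name in WATCHLIST_NAMES:
        reasons.append("watchlisted driver name")
    if event.get("Signed", "").lower() != "true" or event.get("SignatureStatus") != "Valid":
        reasons.append("unsigned or invalid signature")
    if event.get("Signature", "").lower() in UNTRUSTED_SIGNERS:
        reasons.append("signed with untrusted/leaked certificate")
    if not image.lower().startswith(TRUSTED_DIRS):
        reasons.append("loaded from outside the drivers directory")
    return reasons


def hunt(lines):
    """Map each suspicious ImageLoaded path to its list of reasons."""
    hits = {}
    for line in lines:
        event = parse_event(line)
        reasons = classify(event)
        if reasons:
            hits[event["ImageLoaded"]] = reasons
    return hits


if __name__ == "__main__":
    for image, reasons in hunt(SAMPLE_EVENTS).items():
        print(image, "->", ", ".join(reasons))
```

The point of combining four weak signals is that the loader driver described in the articles carries a valid signature, so a rule that only flags unsigned drivers never fires on it; the load path, the driver name and a signer blocklist are what catch the RawWNPF record here, and a signer blocklist in practice should be fed from the organisation's certificate-revocation data rather than a hand-typed set.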
AppWizard
June 15, 2026
THQ Nordic announced the Gothic 1 Remake for PC, built on Unreal Engine 5. Benchmarking was conducted on a high-end system with an AMD Ryzen 9 7950X3D processor and a range of GPUs, including the AMD Radeon RX 6900XT and the NVIDIA RTX 4090. The game offers extensive graphics settings and supports NVIDIA DLSS 4.5 and AMD FSR 3.1. It has no built-in benchmark tool, so testing was done in a demanding scene. At 1080p with Very High settings, many GPUs hold a steady 60FPS. At 1440p, the leading NVIDIA GPUs stayed above 60FPS, while AMD's RX 9070XT and RX 7900XTX averaged 70FPS and 68FPS, respectively. At native 4K with Very High settings, the NVIDIA RTX 5090 delivered a minimum of 65FPS. The game scales well with the graphics presets, exceeding 60FPS at lower settings. DLSS 4.5 improved performance significantly, with frame rates above 100FPS in some scenarios. The visuals are impressive, though character models do not match the quality of top-tier titles. Minor traversal stutters were noted but did not significantly affect gameplay. Overall, the game performs well across a range of PC configurations, especially at 1080p.
AppWizard
June 10, 2026
Minecraft Dungeons 2 was showcased at a private Xbox event in Los Angeles. The game features an interconnected world for exploration, letting players pursue objectives across larger environments. It introduces verticality, so players can jump and perform jump attacks. The art style has been refined, with concept art shown on loading screens. Multiplayer supports solo play or teams of up to four, both online and locally. The combat system keeps the fast-paced action while adding new items and effects, and there are no distinct character classes. Players can fill four armor slots and use new equipment types such as artifacts and talismans. A mini-inventory system allows quick equipment management. The demo took place in the Deep Dark biome, featuring familiar and new mobs, and ended with a challenging boss fight that emphasized teamwork. Minecraft Dungeons 2 is set to launch on September 29 for PC, PS5, Xbox Series X|S, and Nintendo Switch 1 and 2.
AppWizard
June 6, 2026
Arabic-speaking users are the target of a new Android spyware called Asin, identified by ESET in early 2025. The malware is distributed through fraudulent websites that mimic legitimate services, including:
- govlens[.]net, registered on May 27, 2025, impersonating a government news source.
- pdf-reader[.]help, registered on May 29, 2025, claiming to be a secure PDF editor.
- live-war-map[.]com, registered on January 20, 2025, providing updates on military incidents.
Two of these domains are promoted via social media accounts on Facebook and Telegram. The spyware combines legitimate functionality with covert capabilities, and its campaigns may target journalists and OSINT researchers in Arabic-speaking regions. Artifacts linked to Asin include an upload to VirusTotal from Türkiye in October 2025, an APK downloaded from c-pdf[.]net in December 2025, and a sample disguised as "Syria Defense Map" detected in January 2026. Users must manually install the applications and grant permissions for the spyware to operate.
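The domains above are published defanged (with "[.]" in place of dots), and the first thing a defender does with them is check DNS or proxy logs. The following is an added example, not code from ESET's report, of refanging those indicators and matching them against query names; it matches subdomains on a label boundary so that a lookalike such as notgovlens.net is not counted as a hit. The DNS log lines are constructed; the four domains are the ones named in the summary.

```python
"""Match defanged domain IOCs against DNS query logs.

Added example: the IOC list is taken from the Asin summary above (including
c-pdf[.]net); the DNS log lines are constructed for illustration.
"""

IOCS = ["govlens[.]net", "pdf-reader[.]help", "live-war-map[.]com", "c-pdf[.]net"]

# Constructed DNS query log lines: "<timestamp> <client-ip> <qname>".
SAMPLE_DNS_LOG = [
    "2026-01-10T08:00:01Z 10.0.0.12 www.example.com",
    "2026-01-10T08:00:02Z 10.0.0.12 cdn.pdf-reader.help",
    "2026-01-10T08:00:03Z 10.0.0.13 govlens.net",
    "2026-01-10T08:00:04Z 10.0.0.14 notgovlens.net",
    "2026-01-10T08:00:05Z 10.0.0.15 LIVE-WAR-MAP.COM.",
    "2026-01-10T08:00:06Z 10.0.0.16 c-pdf.net.evil.example",
]


def refang(domain):
    """Undo common defanging ([.] and (.) for dots, hxxp scheme) and normalise.

    Lower-cases the name and strips a trailing dot so that a fully qualified
    query name from a resolver log compares equal to the published IOC.
    """
    d = domain.strip().lower().replace("[.]", ".").replace("(.)", ".")
    if d.startswith(("hxxp://", "hxxps://", "http://", "https://")):
        d = d.split("://", 1)[1].split("/", 1)[0]
    return d.rstrip(".")


def matches(qname, ioc):
    """True when qname equals the IOC or is a subdomain of it.

    The check is label-aligned: "notgovlens.net" must not match "govlens.net",
    and "c-pdf.net.evil.example" must not match "c-pdf.net".
    """
    q = refang(qname)
    return q == ioc or q.endswith("." + ioc)


def scan(log_lines, iocs):
    """Return (timestamp, client, qname, ioc) tuples for every matching query."""
    refanged = [refang(i) for i in iocs]
    hits = []
    for line in log_lines:
        ts, client, qname = line.split()
        for ioc in refanged:
            if matches(qname, ioc):
                hits.append((ts, client, refang(qname), ioc))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_DNS_LOG, IOCS):
        print(*hit)
```

Three of the six constructed queries match; the two lookalikes are left alone because the comparison requires either an exact match or a "." immediately before the IOC, which is the detail most often missed when a plain substring or endswith check is used.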