attack Archives

Winsage

March 2, 2026

RAT Malware Via Windows Explorer Puts Crypto at Risk

Cofense Intelligence reported that threat actors are exploiting Windows File Explorer and WebDAV servers to deliver Remote Access Trojans (RATs) to corporate systems, bypassing browser security measures. This method allows attackers to infiltrate machines without using web browsers, taking advantage of File Explorer's ability to connect to remote WebDAV servers. Despite WebDAV being deprecated by Microsoft in November 2023, it is still supported in Windows, creating a vulnerability. The campaigns began in February 2024, with a significant increase in September 2024, and 87% of these campaigns deliver multiple RATs, including XWorm, Async RAT, and DcRAT. Victims typically receive phishing emails disguised as invoices, containing URL or LNK shortcut files that initiate a WebDAV connection. The attacks often utilize Cloudflare Tunnel for hosting malicious WebDAV servers, making the traffic appear legitimate. Notably, 50% of affected campaigns are in German, while 30% are in English. The report emphasizes the risks posed to individuals holding digital assets, as RATs can access sensitive information, including crypto wallet files. Organizations are advised to monitor network traffic for Cloudflare Tunnel instances and educate users about the risks associated with File Explorer's capabilities.

Winsage

March 2, 2026

Fake Xeno and Roblox Utilities Used to Install Windows RAT, Microsoft Warns

Cybersecurity experts at Microsoft Threat Intelligence have identified a trend where attackers distribute counterfeit gaming tools that install a remote access trojan (RAT) on users' systems. These trojanized executables, such as Xeno.exe or RobloxPlayerBeta.exe, are shared through browsers and chat platforms. The initial executable acts as a downloader, installing a portable Java runtime environment and launching a harmful Java archive, jd-gui.jar. Attackers use built-in Windows tools to execute commands via PowerShell and exploit trusted system binaries, minimizing detection risk. The embedded PowerShell script connects to remote locations, downloads an executable as update.exe, and executes it. The malware erases evidence of the downloader and modifies Microsoft Defender settings to allow RAT components to function undetected. It establishes persistence through scheduled tasks and a startup script named world.vbs, enabling prolonged access to the compromised device. Microsoft Defender can detect the malware and its behaviors, and organizations are advised to monitor outbound traffic and block identified domains and IP addresses. Users are encouraged to scrutinize Microsoft Defender exclusions and scheduled tasks for irregularities and remain cautious about downloading tools from unofficial sources.

Winsage

March 2, 2026

NTLM is going away: what Microsoft’s phaseout means for MSPs and IT teams

The migration from NTLM to Kerberos authentication is essential for improving security in Windows systems, but it faces challenges such as legacy systems and hardcoded authentication. Organizations must identify NTLM usage, conduct testing with NTLM disabled, and make necessary adjustments or upgrades to migrate successfully. Ongoing monitoring is crucial post-migration to prevent NTLM from re-entering the network. NTLM is associated with significant security vulnerabilities and has been exploited by various threat groups, making its elimination a priority for organizations despite potential hesitations to invest in the migration process. Transitioning to Kerberos is seen as a strategic security investment.

Winsage

February 26, 2026

Announcing new Cloud PC devices designed for Windows 365

In 2024, Microsoft launched Windows 365 Link, a new category of devices designed for quick access to Windows 365 Cloud PCs, enhancing IT management and security. Microsoft is collaborating with ASUS and Dell to expand the Cloud PC device portfolio. The ASUS NUC 16 for Windows 365 is a mini-PC with a 0.7L design, supporting up to three displays, expected to be available in Europe and the U.S. by Q3 2026. The Dell Pro Desktop for Windows 365 is a compact, fanless desktop that also supports three displays and will be available in 58 countries by Q3 2026. Both devices boot directly into Windows 365 and are managed through Microsoft Intune. Key updates for the Windows CPC operating system are planned for Q2 2026, including Bluetooth pairing support and tenant branding features. Windows 365 Link is currently available in 20 countries, with plans for market expansion.

Tech Optimizer

February 25, 2026

Effective ways to prevent the download of malicious code

Malware is malicious software designed to disrupt normal system operations, often infiltrating devices through activities like web browsing or opening documents. In 2023, SonicWall Capture Labs reported over 6 billion malware attacks, an 11% increase from the previous year. Common types of malware include viruses, worms, Trojans, spyware, adware, ransomware, fileless malware, and bots. Malware spreads through email attachments, phishing links, compromised websites, fake apps, and removable media. Its effects can include performance issues, data theft, and financial damage. Signs of malware presence include sluggish performance, unexpected crashes, and unauthorized changes. Recommended actions if malware is suspected include disconnecting the device, running a malware scan, and changing passwords. Preventative measures include using security software, practicing safe browsing, keeping software updated, and building security awareness.

BetaBeacon

February 24, 2026

RAINBOW SIX Goes Mobile Worldwide And Is Now Available On iOS And Android

Ubisoft has launched Rainbow Six Mobile worldwide, a free-to-play first-person shooter game that brings the tactical intensity of Rainbow Six Siege to iOS and Android devices.

AppWizard

February 24, 2026

You could get Crimson Desert and two other games for just $5 in Fanatical’s new VIP Mystery Bundle

The game Crimson Desert is set on the continent of Pywel, where players control Kliff, a member of the Greymanes faction. Kliff's journey involves navigating rival groups and mythical creatures after a brutal attack from the Black Bears, aiming to find surviving clan members and confront the Black Bears' leader, Myurdin. The gameplay features fast-paced combat and innovative mechanics, drawing inspiration from various RPGs. Crimson Desert is available for .99 / £4.99 through the Fanatical VIP Mystery Bundle, which includes three Steam keys and the possibility of receiving additional games like Nioh 3 and Resident Evil Requiem.

Tech Optimizer

February 24, 2026

Fake Huorong Site Delivers ValleyRAT Backdoor in Targeted Malware Campaign

A cyber operation is targeting users of Huorong Security antivirus software through a typosquatted domain, huoronga[.]com, which mimics the legitimate site huorong.cn. Users who mistakenly visit the counterfeit site may download a file named BR火绒445[.]zip, which contains a trojanized installer that leads to the installation of ValleyRAT, a remote access trojan. The malware employs various techniques to evade detection, including using an intermediary domain for downloads, creating Windows Defender exclusions, and establishing a scheduled task for persistence. The backdoor facilitates activities such as keylogging and credential access while disguising its operations within legitimate processes like rundll32.exe. Attribution points to the Silver Fox APT group, and there has been a significant increase in ValleyRAT samples documented in recent months. Security measures include ensuring software downloads are from the official site and monitoring for specific malicious activities.

AppWizard

February 23, 2026

This bloody medieval carve-’em-up has me praying the devs deliver a holy gaming experience

The game "1348 Ex Voto" features a female knight named Aeta, who is trained in swordplay and accompanied by her companion Bianca. The combat system requires players to carefully judge enemy attacks, creating a tense experience. The game world is designed to be desolate and cinematic, focusing on a predetermined path rather than open-world exploration. Players can find items to enhance gameplay, such as health-restoring food and skill books. The visuals, powered by Unreal Engine 5, depict detailed medieval Italian settings. The game is set to launch on March 12, 2026, and aims for authenticity in storytelling and character development, with a completion time of under 20 hours.

Winsage

February 20, 2026

Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets

Attackers are using social media advertising, specifically paid Facebook ads, to promote a malware campaign disguised as legitimate Microsoft promotions. They create near-exact replicas of the official Windows 11 download page to lure users into downloading malicious software. The deceptive domains used include ms-25h2-download[.]pro and ms-25h2-update[.]pro. The malware campaign employs geofencing to selectively target victims, redirecting security researchers to benign sites while delivering malware to unsuspecting users. The malicious file, named ms-update32.exe, is hosted on GitHub and mimics the size of a legitimate Windows installer. Once executed, it checks for monitoring tools and, if none are detected, installs an application named "Lunar" that collects sensitive data, including cryptocurrency wallet information. The malware maintains persistence by writing data to the Windows registry and employs various obfuscation techniques to evade detection. The attackers run parallel ad campaigns with different Facebook Pixel IDs to ensure continued operation even if one is suspended. Indicators of compromise include specific file hashes, domains, file system artifacts, and registry keys associated with the malware.