attacks Archives

Winsage

May 27, 2026

Windows Users Targeted in New Phishing Campaign

Research from FortiGuard Labs has identified a phishing campaign that disguises itself as purchase orders, prompting recipients to open harmful attachments. The campaign begins with a phishing email containing a malicious JavaScript file. When executed, this JavaScript decrypts and runs a PowerShell script that uses process hollowing to inject a .NET downloader module into the trusted Windows process MsBuild.exe. This downloader connects to a remote command and control (C2) server to download and execute additional modules, allowing the attacker to alter the malware's behavior after the initial compromise. The campaign poses significant detection challenges for Windows users due to its use of multiple encryption layers, fileless execution techniques, and process hollowing strategies. Security experts emphasize the need for organizations to enhance their detection capabilities beyond traditional methods, focusing on identifying suspicious activity across various devices and applications. The phishing attack exploits social engineering tactics and blends malicious actions with legitimate administrative tools, complicating detection efforts. Additionally, the human element plays a crucial role in breaches, highlighting the importance of effective communication and collaboration between security teams and other departments to improve security awareness and behavior.

Tech Optimizer

May 27, 2026

WHAT THE TECH? Smartphone anti-virus

Antivirus software is not a necessity for most smartphone users, as the nature of threats has evolved. iPhones isolate apps from the core system, making traditional antivirus scans ineffective; threats mainly come from scams like phishing links and deceptive messages. Android devices allow sideloading, increasing the risk of malware from unofficial sources. The primary dangers for users include phishing texts, fake login pages, scam calls, and social engineering tactics. To enhance security, users should keep their operating systems updated, use strong passwords, enable two-factor authentication, avoid suspicious links, and refrain from installing apps from unknown sources. Antivirus apps may be beneficial in specific situations, such as frequent link clicking or downloading from unfamiliar sites, with reputable options available for added protection against scams and unsafe websites.

AppWizard

May 27, 2026

‘No Future Updates’—Google Will Confirm Play Store App Deletion

Google is enhancing the security of its Play Store by removing high-risk and low-quality applications and will soon notify users when an app has been deleted from the Play Store. This notification will inform users that the app will no longer receive updates, which is crucial for security as unpatched apps can be exploited. Currently, users only receive alerts about significant security threats, but the new feature aims to improve user awareness regarding app removals. The change comes amid rising cyber threats, with a recent report indicating that vulnerability exploitation is a major risk. Previously, users were not notified about app removals, leaving them unaware unless they found out through other means.

BetaBeacon

May 26, 2026

5 Best Controller Games for Android – You Can Play Right Now

Dead Cells has full native controller support on Android.

AppWizard

May 26, 2026

Is your phone bill higher? 200+ Android apps might secretly be stealing money from you

A new type of malware has emerged that targets smartphone users by inflating phone bills through unauthorized carrier subscriptions. Discovered by cybersecurity firm Zimperium, this operation involves nearly 250 counterfeit Android applications that impersonate popular apps like TikTok and Instagram. Once downloaded, the malware uses advanced techniques such as JavaScript injection and SIM card access to enroll users in fictitious premium services without their knowledge. The scam has primarily affected users in Malaysia, Romania, Thailand, and Croatia, with Malaysia accounting for 85% of the victims. Google has confirmed that these malicious apps are not available on the Play Store and that users are protected by Google Play Protect. Despite a peak in activity in September 2025, parts of the scam's infrastructure remain operational, with the last recorded activity in January 2026. Users are advised to practice online security measures to protect their personal data.

Tech Optimizer

May 26, 2026

What the Tech? What to ask yourself before downloading an anti-virus app

Most individuals do not require antivirus apps on their smartphones, as the primary threats are scams rather than traditional viruses. iPhones use app isolation, making conventional antivirus scans ineffective; threats include phishing texts and fraudulent websites. Android phones allow sideloading, increasing the risk of malware from unofficial sources. The main dangers are deceptive tactics like phishing, scam calls, and social engineering. To enhance security, users should keep their operating systems updated, use strong passwords, enable two-factor authentication, avoid suspicious links, and refrain from installing apps from unknown sources. Antivirus apps may be beneficial for users who frequently click unverified links, download files from unfamiliar sites, or engage in Android sideloading. Reputable security apps focus on scam detection and account safety rather than traditional virus scanning.

Tech Optimizer

May 25, 2026

What The Tech: Is an anti-virus software needed for smartphones?

Most smartphone users do not require antivirus applications, as the primary threats are scams rather than traditional viruses. iPhones have a secure operating system that limits antivirus functionality, focusing on scams like deceptive texts and phishing links. Android devices allow sideloading, increasing the risk of malware from unofficial sources. Best practices for smartphone safety include downloading apps from official stores, using trusted developers, avoiding dubious links, keeping the operating system updated, using strong passwords, enabling two-factor authentication, and refraining from installing apps from unknown sources. Antivirus apps may be beneficial for users who frequently click on links, download files from unfamiliar websites, install many applications, engage in Android sideloading, or seek additional protection against scams. Reputable security apps prioritize scam detection and unsafe website identification over traditional virus scanning.

AppWizard

May 25, 2026

Over 200 Fake Android Apps Are Quietly Stealing Money From Phone Bills

Zimperium identified a sophisticated malware campaign that exploited nearly 250 Android applications, posing as popular games and social media platforms. The malware ensnared users into premium subscription services without consent, using techniques like JavaScript injection and interception of one-time passwords. The campaign primarily targeted users in Malaysia, Romania, Thailand, and Croatia, with the malware capable of reading SIM cards and activating for specific mobile carriers. Zimperium first detected the scam in March 2025 and monitored it until at least January 2026. Google stated that none of the compromised applications were available on its app store and emphasized that Android users are protected by Google Play Protect. The hackers deployed three malware variants, with the first using an automated subscription engine, the second targeting users in Thailand with premium SMS messages, and the third combining SMS fraud with real-time notifications to attackers via Telegram. The campaign primarily affected Malaysian SIM card users, with significant activity also in Thailand and Romania. Despite the campaign's last known activity in January, parts of its infrastructure remain operational. The attacks highlight vulnerabilities in application security and the challenges of policing app downloads from third-party marketplaces.

Winsage

May 25, 2026

Windows zero-days expose gaps in built-in security protections

Two Windows zero-day vulnerabilities, YellowKey and GreenPlasma, have been identified. YellowKey targets the Windows Recovery Environment (WinRE) on Windows 11 and Windows Server 2025, allowing attackers with physical access to bypass BitLocker protections using a USB device. GreenPlasma affects Windows 10, Windows 11, and Windows Server environments with active Collaborative Translation Framework Monitor (CTFMON) sessions, enabling local privilege escalation from a standard user account to SYSTEM-level privileges. Both vulnerabilities require either physical or local access to exploit. Microsoft has not yet released patches for these vulnerabilities, prompting organizations to enhance their security measures and operational resilience. Recommendations include reassessing physical security, limiting local administrative access, and implementing multifactor authentication and robust credential management practices.

Winsage

May 23, 2026

Microsoft Windows Дефендер тизимидаги хавфли заифликларни бартараф этди

Microsoft has identified two significant vulnerabilities in Windows Defender, specifically related to the Malware Protection Engine, which could allow denial-of-service attacks. These vulnerabilities could destabilize the security mechanism of Windows. Microsoft has released patches in versions 1.1.26040.8 and 4.18.26040.7 of the Malware Protection Engine to address these issues. Users with automatic updates enabled will receive these patches without further action, but it is recommended that users manually check for updates in the Windows Security settings. There is currently no evidence that these vulnerabilities have been exploited in real-world scenarios.