blue screen Archives

Winsage

February 1, 2026

Microsoft confirms that a stack of bad Windows updates is causing boot issues

Windows 11 is facing significant issues following the January Patch Tuesday, particularly with boot failures on commercial devices. These problems are linked to both the January update and a flawed December update, leading to a "UNMOUNTABLEBOOTVOLUME" Blue Screen of Death (BSOD) error. Microsoft has indicated that devices that did not successfully install the December security update are left in an improper state, which can prevent booting when subsequent updates are attempted. While Microsoft is working on a partial solution to prevent further installations that could cause boot failures, this fix will not resolve issues for devices already affected. The company is investigating the causes of these update failures and their consequences.

Winsage

January 29, 2026

Windows 11’s Gaming Gains Overshadowed by Stability Crisis: Performance Tests Reveal a Troubled Transition

Microsoft's Windows 11 version 24H2 shows performance improvements in gaming, with frame rate enhancements ranging from 2% to 8% across various titles, particularly benefiting newer DirectX 12 games. However, users report significant stability issues, including Blue Screen of Death (BSOD) errors, crashes during gameplay, and compatibility problems with certain hardware and software. These issues affect a wide range of systems, suggesting systemic challenges rather than isolated incidents. The operating system's hardware compatibility requirements, such as TPM 2.0 support, have also limited upgrade eligibility for many users. Microsoft has acknowledged specific issues related to Intel and AMD processors, antivirus software conflicts, and outdated drivers. Despite ongoing patch deployments, user frustration persists due to the slow pace of fixes. The stability concerns have led some businesses to delay Windows 11 24H2 deployments, prioritizing reliability over performance gains. The driver ecosystem's lag in updates from hardware manufacturers has further complicated stability. The gaming community remains divided, with many users opting to stay on Windows 10 due to these stability risks.

Winsage

January 14, 2026

Windows 2000 rusts in peace by the sea

A ticket machine at Comboios de Portugal is malfunctioning, running on Windows 2000, which has caused the system to freeze and made card payments unavailable. The issue appears to be related to the software rather than hardware failures. Despite the machine's wear and tear, there is currently no Blue Screen of Death. The situation highlights a decline in rail travel in Portugal as travelers increasingly prefer express bus services.

Winsage

January 7, 2026

Hackers Use Fake Windows BSOD To Spread Malware

Security researchers have identified a social engineering campaign that mimics the Windows Blue Screen of Death (BSOD) to deceive users into installing a remote access Trojan (RAT). The campaign, named PHALT#BLYX, begins with phishing emails that appear to be legitimate cancellation notices from travel websites, leading victims to a fake login page and an interactive CAPTCHA. This culminates in a full-screen imitation of the BSOD, prompting users to follow instructions that ultimately allow attackers to gain control of their computers. The attackers use a “ClickFix” process that involves executing commands through native Windows tools like PowerShell and MSBuild, making detection more challenging. The malware delivered is an obfuscated version of DCRat, which provides attackers with remote control capabilities, keylogging, and the ability to download additional malware. The campaign primarily targets hotels and hospitality businesses in Europe, exploiting the urgency of front-desk staff to respond to apparent technical issues. Indicators of a fake BSOD include the ability to interact with the screen, requests to execute commands via Windows tools, and the presence of CAPTCHA prompts. Organizations are advised to train employees, implement application control, enhance email and web defenses, and prepare for incident response to mitigate risks associated with such attacks.

AppWizard

January 6, 2026

This new FPS game uses your framerate as your health bar, so I’ll brb after I’ve bought a 240Hz monitor

FPS Quest is a unique meta game that uses framerate as a health bar, allowing players to navigate a low-framerate environment without the discomfort typically associated with performance issues. Players traverse dungeons armed with a shotgun, experiencing framerate dips as they take damage, but can restore it by defeating enemies or adjusting game settings. The game features mechanics such as demolishing walls and removing doors, which affect gameplay and map navigation. It includes roguelike elements, cheats, glitches, and customizable settings, encouraging multiple runs to unlock upgrades and weapons. FPS Quest is set to launch on Steam, with no announced release date yet.

Winsage

January 6, 2026

ClickFix attack uses fake Windows BSOD screens to push malware

A new social engineering attack campaign called ClickFix is targeting the hospitality sector in Europe, using fake Windows Blue Screen of Death (BSOD) screens to trick users into executing malware. Initially identified in December by Securonix as "PHALT#BLYX," the campaign involves phishing emails that appear to be notifications from Booking.com, often mentioning significant refunds to create urgency. Victims are directed to a counterfeit Booking.com site that mimics the legitimate one and displays a fake error message prompting them to execute a malicious command. This command launches a PowerShell script that downloads and compiles malware known as DCRAT, a remote access Trojan that allows attackers to control infected devices, exfiltrate data, and spread within networks.

Winsage

December 15, 2025

VolkLocker Emerges as a Cross-Platform Ransomware Threat Targeting Linux and Windows

A pro-Russian hacktivist group, CyberVolk, has re-emerged in 2025 with a new ransomware-as-a-service (RaaS) operation called VolkLocker, which targets both Windows and Linux systems using Golang. The group utilizes Telegram bots for command-and-control operations, allowing affiliates to manage ransomware interactions. Despite its advancements, coding errors in the ransomware enable victims to recover encrypted files without paying a ransom. VolkLocker employs AES-256 encryption but has a critical flaw where the master encryption key is hard-coded and saved in plaintext, allowing easy decryption. The ransomware also ensures persistence by replicating itself and disabling essential system tools. CyberVolk offers additional RAT and keylogger add-ons for sale, with complete RaaS packages priced between [openai_gpt model="gpt-4o-mini" prompt="Summarize the content and extract only the fact described in the text bellow. The summary shall NOT include a title, introduction and conclusion. Text: A newly rebooted pro-Russian hacktivist group, CyberVolk, has made a notable comeback in 2025, unveiling a new ransomware-as-a-service (RaaS) operation dubbed VolkLocker, as detailed in recent research by SentinelOne. After a prolonged period of dormancy following extensive bans on Telegram, this group has re-emerged with a Golang-based ransomware solution that targets both Windows and Linux systems. This latest initiative signifies CyberVolk's commitment to revitalizing its operations, showcasing what analysts refer to as the “CyberVolk 2.x” generation of tools. Despite the group's advancements, their integration of sophisticated Telegram-based automation has inadvertently led to coding errors that allow victims to recover their encrypted files without the need to pay a ransom. Telegram-Fueled Automation and Functionality VolkLocker is heavily reliant on Telegram bots for its command-and-control operations, which form the core of its new RaaS model. All interactions between operators and the ransomware's ecosystem, from onboarding new customers to managing victims, are facilitated through a Telegram bot known as CyberVolk_Kbot. This bot provides various commands such as /decrypt, /list, and /status, enabling affiliates to monitor infections and communicate with compromised systems in real time. Operators tasked with creating new ransomware payloads must input several configuration details, including a Bitcoin address, Telegram bot token ID, chat ID, encryption deadline, and file extension. Decryption triggered via backed-up key file This design approach aligns with CyberVolk’s goal of simplifying deployment for affiliates with limited technical skills. The Golang-based payloads, compiled for both Linux and Windows platforms, utilize the “ms-settings” UAC bypass technique (MITRE ATT&CK T1548.002) for privilege escalation. Once operational, VolkLocker performs system reconnaissance, checks for virtual machine environments by matching MAC address prefixes, and strategically excludes key system paths from encryption. Encryption Flaws and System Destruction Features VolkLocker employs AES-256 in Galois/Counter Mode (GCM) for file encryption; however, its encryption design reveals a significant oversight. The master encryption key is hard-coded within the binary and is also saved in a plaintext file named system_backup.key located in the %TEMP% directory. This easily accessible key allows victims to decrypt their files without paying the ransom, highlighting a critical flaw in CyberVolk’s development process. In addition to its encryption capabilities, VolkLocker ensures persistence by replicating itself across multiple directories and disabling essential tools such as Task Manager, Windows Defender, and Command Prompt through registry modifications. It also deletes Volume Shadow Copies and can trigger a Blue Screen of Death (BSOD) using the Windows NtRaiseHardError() function when the countdown timer expires or when incorrect decryption keys are repeatedly entered. Despite these coding missteps, CyberVolk is expanding its offerings, providing RAT and keylogger add-ons for 0 each, along with complete RaaS packages ranging from 0 to ,200. SentinelOne researchers caution that this resurgence underscores how politically motivated groups are increasingly leveraging Telegram infrastructure to commercialize their ransomware operations. Indicators of Compromise: Windows Sample: dcd859e5b14657b733dfb0c22272b82623466321 Linux Sample: 0948e75c94046f0893844e3b891556ea48188608 Bitcoin Wallet: bc1qujgdzl0v82gh9pvmg3ftgnknl336ku26nnp0vy Telegram Bot: 8368663132:AAHBfe3xYPtg1IMynKhQy1BRzuF5UZRZspw Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates" max_tokens="3500" temperature="0.3" top_p="1.0" best_of="1" presence_penalty="0.1" frequency_penalty="frequency_penalty"] and ,200. Indicators of compromise include specific Windows and Linux sample hashes, a Bitcoin wallet address, and a Telegram bot ID.

Winsage

December 4, 2025

This Windows Update Pop-Up Is a Scam

Hackers have exploited Windows update screens to deliver malware disguised as a "critical security update," a tactic known as the ClickFix attack. This attack uses social engineering techniques, including fake error messages and CAPTCHA forms, to trick users into executing harmful commands. The scam appears as a pop-up mimicking the standard Windows blue screen but originates from a malicious domain. Users are prompted to paste and execute harmful commands, leading to malware installation. Researchers from Huntress have detailed this attack, noting that malicious code can be embedded within PNG images. Although recent law enforcement actions have reduced the presence of malware payloads on these domains, the threat remains. Users should be cautious of any update screens that do not show a progress indicator or require manual command input, as these are signs of a ClickFix attack. Microsoft releases security updates on the second Tuesday of each month, and users are advised to enable automatic updates and consider disabling the Windows Run box for added security.

Winsage

December 4, 2025

Microsoft finds an unlikely ally — Linux developer defends Windows against BSoD jokes

Windows has traditionally held a dominant market share in operating systems, but Linux is gaining traction, particularly after Microsoft ended support for Windows 10 on October 14, 2025. Zorin OS, a Linux distribution, attracted around 780,000 former Windows users within a month of this announcement. Bazzite delivered a petabyte of ISO files in one month, indicating a growing interest among Windows 10 users in alternatives to Windows 11. Linus Torvalds highlighted that many blue screen errors in Windows are linked to hardware issues rather than software bugs and recommended using Error-Correcting Code (ECC) memory for better stability. Microsoft has changed its error reporting from the blue screen of death to a black screen to enhance security and prevent destabilizing updates. There are three types of Blue Screen of Death errors: the Windows 3.1 Ctrl+Alt+Del screen, the Windows 95 kernel error, and the Windows NT kernel error.

AppWizard

December 3, 2025

I’m fed up with gaming on Windows 11 — here’s how Valve’s Steam Machine can fix PC gaming

Microsoft's Xbox Full Screen Experience (FSE) was rolled out to all Windows-based handhelds on November 21, followed by a broader release for gaming rigs and laptops for Windows Insider members. The update process on Windows 11 was slow, causing frustration for users. Accessing the Xbox FSE through various shortcuts was unsuccessful, and the experience was marred by instability and frequent updates. A recent system update (KB5066835) resulted in a significant drop in gaming performance. The author expressed a preference for Linux and SteamOS due to their stability and user-friendly interface compared to Windows. The upcoming Steam Machine is anticipated for its compact design and potential for a hassle-free gaming experience.