Browser Security Archives

Winsage

March 2, 2026

RAT Malware Via Windows Explorer Puts Crypto at Risk

Cofense Intelligence reported that threat actors are exploiting Windows File Explorer and WebDAV servers to deliver Remote Access Trojans (RATs) to corporate systems, bypassing browser security measures. This method allows attackers to infiltrate machines without using web browsers, taking advantage of File Explorer's ability to connect to remote WebDAV servers. Despite WebDAV being deprecated by Microsoft in November 2023, it is still supported in Windows, creating a vulnerability. The campaigns began in February 2024, with a significant increase in September 2024, and 87% of these campaigns deliver multiple RATs, including XWorm, Async RAT, and DcRAT. Victims typically receive phishing emails disguised as invoices, containing URL or LNK shortcut files that initiate a WebDAV connection. The attacks often utilize Cloudflare Tunnel for hosting malicious WebDAV servers, making the traffic appear legitimate. Notably, 50% of affected campaigns are in German, while 30% are in English. The report emphasizes the risks posed to individuals holding digital assets, as RATs can access sensitive information, including crypto wallet files. Organizations are advised to monitor network traffic for Cloudflare Tunnel instances and educate users about the risks associated with File Explorer's capabilities.

Winsage

March 1, 2026

Hackers Abuse Windows File Explorer and WebDAV for Stealthy Malware Delivery

Cybercriminals are exploiting a legacy feature in Windows File Explorer, specifically the WebDAV protocol, to distribute malware and bypass traditional security measures. Despite Microsoft deprecating native WebDAV support in November 2023, it remains active on many systems. Attackers use WebDAV to deceive victims into executing malicious payloads by sending links that connect File Explorer directly to remote servers, avoiding web browsers and their security warnings. They employ methods such as direct linking, URL shortcut files, and LNK shortcut files to deliver exploits. The primary objective of these campaigns, which surged in late 2024, is to deploy Remote Access Trojans (RATs), with 87% of Active Threat Reports involving multiple RATs like XWorm RAT, Async RAT, and DcRAT. These campaigns predominantly target corporate networks in Europe, with many phishing emails written in German and English. Attackers use short-lived WebDAV servers hosted on Cloudflare Tunnel demo accounts to obscure their infrastructure. Security analysts are advised to monitor unusual network activity from Windows Explorer and educate users to verify addresses in File Explorer.

Tech Optimizer

December 7, 2025

FTC sends $15.3 million in refunds to Avast antivirus customers

The Federal Trade Commission (FTC) is distributing million to 103,152 consumers affected by misleading marketing practices related to Avast's antivirus software. This distribution began on December 2, 2025, as part of a settlement finalized in June 2024, which addressed allegations that Avast collected, stored, and sold users' browsing information without proper notice or consent. Consumers can receive payments via checks, PayPal, or Zelle, with specific timeframes for cashing or redeeming funds. Rust Consulting, Inc. is the refund administrator, and individuals are advised not to pay any fees or provide account information to file claims. The settlement also imposes restrictions on Avast, including a permanent ban on selling web browsing data for advertising and a requirement to obtain clear consent from users for any future data sales.

Winsage

September 8, 2025

MostereRAT Targets Windows Users With Stealth Tactics

A recent investigation by cybersecurity experts revealed a sophisticated phishing campaign utilizing a new strain of malware called MostereRAT, which targets Microsoft Windows systems. This Remote Access Trojan (RAT) allows attackers extensive control over compromised devices and employs advanced evasion techniques, including being crafted in the Easy Programming Language (EPL). MostereRAT can disable security tools, obstruct antivirus traffic, and establish secure communications with its command-and-control server through mutual TLS (mTLS). The attack begins with phishing emails aimed at Japanese users, leading to the download of a Word document that contains a concealed archive. This prompts the user to execute an embedded executable, activating the malware, which installs itself in the system directory and creates services with SYSTEM-level privileges. It also displays a deceptive message in Simplified Chinese to further spread the malware. MostereRAT can disable Windows Update, terminate antivirus processes, and impersonate the TrustedInstaller account to escalate privileges. Its functionalities include keylogging, system information collection, downloading and executing payloads, creating hidden administrator accounts, and running remote access tools like AnyDesk and TightVNC. Some components of MostereRAT's infrastructure were previously linked to a banking trojan reported in 2020.

Winsage

September 5, 2025

Mozilla Extends Firefox ESR 115 Support for Windows 7 Until March 2026

Mozilla has extended support for Firefox ESR 115 for users on aging operating systems until March 2026, specifically for Windows 7, Windows 8, Windows 8.1, and macOS versions 10.12 through 10.14. This extension allows these users to continue receiving essential security patches for an additional six months. Firefox ESR 115, released in July 2023, is the final version compatible with these legacy systems. Mozilla emphasizes its commitment to providing security updates for deprecated operating systems, making Firefox ESR one of the few mainstream browsers still offering secure browsing on these platforms, as Google Chrome and Microsoft Edge have ceased support.

Tech Optimizer

August 20, 2025

I tested the best antivirus software for Windows: Here’s what I’d use to protect my PC

Windows Security is a free antivirus program pre-installed on every Windows PC, offering solid protection. Bitdefender provides a comprehensive antivirus solution with a yearly subscription. Malwarebytes is recommended as the top antivirus choice for Windows users, featuring a user-friendly interface and both free and paid versions. TotalAV is an affordable option with a built-in VPN and system tune-up tool. McAfee Total Protection offers extensive features, including identity theft coverage. Avast One is designed for gamers, providing a Do Not Disturb mode. uBlock Origin is an ad blocker that enhances browser security, while Brave is a secure web browser with built-in tracking and ad blocking features.

Tech Optimizer

April 10, 2025

6 overlooked security practices I implemented at home and I regret not using sooner

- Safeguarding technology is crucial in the digital age due to potential threats from various devices. - Two-factor authentication (2FA) enhances online account security by requiring a second code sent to a phone, email, or authentication app. - Biometric verification methods and hardware authentication devices like YubiKeys can further enhance security. - Backup codes should be printed when setting up 2FA, and passkeys offer a passwordless solution for securing accounts. - Ransomware can lock users out of data until a ransom is paid, and Windows 10 and 11 have a feature called Controlled Folder Access (CFA) to protect essential folders. - Windows Security provides baseline protection for PCs, and users should regularly check for updates and conduct manual scans. - Microsoft's PC Manager utility enhances system security by offering features for storage and app management alongside virus scanning. - Securing web browsers is vital, with unique settings available in browsers like Microsoft Edge, Firefox, and Chrome to improve privacy and security. - Regularly clearing browsing history and keeping browsers updated helps mitigate risks from malware and phishing attacks. - Securing Wi-Fi routers involves changing the default admin password and SSID, using strong encryption like WPA3, and regularly updating firmware. - Custom firmware like DD-WRT or OpenWrt can enhance router security and functionality.

Winsage

March 28, 2025

Mozilla warns Windows users of critical Firefox sandbox escape flaw

Mozilla released Firefox version 136.0.4 to address a critical security vulnerability, CVE-2025-2857, which could allow attackers to escape the browser's sandbox on Windows systems. This flaw, identified by developer Andrew McCreight, affects both standard and extended support releases of Firefox. Mozilla patched this issue in Firefox 136.0.4 and Firefox ESR versions 115.21.1 and 128.8.1. The vulnerability is similar to a recent zero-day exploit in Google Chrome, CVE-2025-2783, which was used in cyber-espionage campaigns against Russian entities. Additionally, Mozilla previously addressed another zero-day vulnerability, CVE-2024-9680, exploited by the RomCom cybercrime group, allowing code execution within Firefox's sandbox. Earlier in the year, Mozilla responded to two zero-day vulnerabilities exploited during the Pwn2Own Vancouver 2024 hacking competition.

Winsage

March 3, 2025

Microsoft Edge tests AI History Search, better security on Windows 11

Microsoft Edge is introducing new AI-driven features, including an experimental Web Push API for improved notification management in Windows 11 and enhanced security measures for downloads and clipboard activities. An AI History search feature is being developed, allowing users to receive AI recommendations from web passages during history searches, which can be activated by typing @history in the address bar. This feature may require a Microsoft account and will only apply to websites visited after activation. Additionally, Edge is optimizing memory usage with sleeping tabs and has identified new security features, including msProvenanceValidatorToggleOnByDefault for verifying downloaded file sources and msProtectedClipboard for protecting clipboard contents. The term msEdgeMetaOSOlympus has been mentioned, potentially indicating a redesign or new Windows release, though details remain unclear.

Winsage

December 21, 2024

Microsoft Warns Millions Of Windows Users—Change Your Browser Now

The FBI has warned of a rise in email attacks, particularly with the holiday season approaching, highlighting increased risks from sophisticated phishing emails and malicious websites enhanced by AI tools. Microsoft is promoting its Edge browser as a safer alternative for Windows users, with plans for pop-up notifications encouraging users to set Edge as their default browser. Despite a slight increase in Edge's market share, it still significantly lags behind Google Chrome. The Department of Justice may pursue actions against Google that could impact Chrome, while Microsoft continues to use security as a key reason for promoting Edge. Users are experiencing pop-up campaigns with confusing options regarding Edge, and while Edge has security advantages, Google is improving its own features. Microsoft may find more success in promoting Edge within the enterprise sector.