bypass Archives

Winsage

February 11, 2026

Microsoft fixes six actively exploited flaws in latest Windows 11 update

Microsoft's February 2026 Patch Tuesday addressed 59 vulnerabilities in Windows 11, with six confirmed as actively exploited. The most critical vulnerability is CVE-2026-21510, a Windows Shell security feature bypass with a CVSS rating of 8.8, allowing attackers to evade warnings by tricking users into opening malicious files. Another significant vulnerability, CVE-2026-21513, also rated at 8.8, affects MSHTML and allows remote attackers to bypass execution prompts through malicious code in HTML or shortcut files. CVE-2026-21514 impacts Microsoft Word and enables adversaries to disable OLE mitigations, posing risks through document-based attacks. Two local privilege escalation vulnerabilities are CVE-2026-21519 in Desktop Window Manager and CVE-2026-21533 in Windows Remote Desktop Services, with CVSS scores of 7.8. CVE-2026-21525 is a denial-of-service vulnerability in Remote Access Connection Manager. The update includes 53 additional vulnerabilities across various Microsoft products and services, with CVE-2026-21531 in Azure SDK rated at 9.8 and CVE-2026-20841 affecting Windows Notepad rated at 8.8. The cumulative update for Windows 11 (KB5077181) also includes enhancements and resolves WPA3 Wi-Fi connectivity issues. Microsoft reminded users of the June 2026 expiration of Secure Boot certificates, which requires timely updates to ensure secure booting. Users can install the updates via Windows Update.

Tech Optimizer

February 1, 2026

When Digital Guardians Turn Rogue: Inside the eScaneS an Antivirus Supply Chain Attack That Exposed Millions

eScan, an antivirus solution, has become a conduit for a supply chain attack that may have affected millions of users through a compromised software update mechanism. The attack exploited eScan’s automatic update system, distributing malware via official channels that appeared legitimate, thus bypassing traditional security measures. Reports indicate that supply chain attacks have increased by over 300% in the past three years, with software update mechanisms being prime targets. The exact number of affected users is still under investigation, but the breach occurred over a limited period before detection. Enterprises using eScan now face vulnerabilities in their security infrastructure, prompting IT departments to conduct forensic analyses to determine if their networks were compromised. The breach raises concerns about digital security as users typically rely on antivirus solutions for protection. Researchers found that the malware used advanced techniques, including multi-stage deployment and polymorphic behavior to evade detection, indicating significant resources behind the attack. In response, eScan has initiated an incident response protocol, revoked compromised digital certificates, and added verification layers to its update system. However, restoring user trust will require transparency about the breach and preventive measures. The incident has led to widespread security audits across the antivirus sector and may accelerate the adoption of zero-trust security models. Regulatory inquiries are underway regarding eScan's data protection practices, and legal experts anticipate class-action lawsuits from affected users and enterprises. The breach highlights a trend where attackers target security infrastructure itself, making software distribution security a critical focus for cybersecurity professionals. Proposed solutions include blockchain-based verification systems and industry-wide standards for supply chain security. The eScan breach underscores that no organization is immune to sophisticated supply chain attacks, as compromising a security vendor can provide access to its entire customer base. Increased information sharing about supply chain threats is advocated to enhance collaboration within the security industry. Moving forward, eScan must balance technical remediation with transparent communication to rebuild trust, while users are advised to implement defense-in-depth strategies rather than relying solely on one security tool.

Winsage

January 31, 2026

Final day to get Windows 11 Pro for just $10

A promotion has reduced the price of Windows 11 Pro to a significant discount, making it an attractive option for users currently on Windows 10 or the Home edition of Windows 11. The offer represents a 94% discount from the standard retail price and is a rare opportunity for a current-generation Windows Pro license. Windows 11 Pro includes features such as Snap Layouts, multiple desktops, BitLocker device encryption, Windows Information Protection, Hyper-V virtualization, and Remote Desktop capabilities. It requires a compatible 64-bit CPU, TPM 2.0, Secure Boot, at least 4GB of RAM, and adequate storage. Users are advised to purchase from reputable sellers to avoid issues with activation or legitimacy of the license.

Winsage

January 30, 2026

Microsoft to disable NTLM by default in future Windows releases

Microsoft will disable the NTLM authentication protocol by default in the next major Windows Server release and associated Windows client versions. NTLM, introduced in 1993, has been vulnerable to various cyberattacks, including NTLM relay and pass-the-hash attacks. The transition plan includes three phases: enhanced auditing tools in Windows 11 24H2 and Windows Server 2025, new features like IAKerb and a Local Key Distribution Center in late 2026, and eventually disabling network NTLM by default in future releases. NTLM will remain in the operating system but will not be used automatically. Microsoft deprecated NTLM authentication in July 2024 and has encouraged developers to transition to Kerberos or Negotiation authentication.

Winsage

January 30, 2026

Microsoft said my PC can’t run Windows 11, but I upgraded in 5 minutes anyway

Microsoft ceased support for Windows 10 in October 2022, prompting users to consider their next steps, especially those with PCs that do not meet the requirements for Windows 11. A desktop built in 2020 with an Intel Core i9-9900 CPU lacks a Trusted Platform Module (TPM) version 2.0, which is necessary for Windows 11 eligibility. Microsoft encouraged users to invest in new hardware rather than upgrade existing systems. However, there are workarounds available for users with compatible machines. One method involves using the third-party program Rufus to install Windows 11, which requires an empty USB thumb drive with at least 8GB of storage. The installation process includes downloading Rufus, obtaining the Windows 11 ISO, and following specific steps to bypass TPM and other requirements.

AppWizard

January 30, 2026

DoubleVerify warns of ‘zombie’ Android app fraud surge

DoubleVerify has raised concerns about a mobile scam involving the hijacking of dormant Android developer accounts, referred to as "zombie" accounts, which are exploited to publish fraudulent gaming applications on Google Play. This new tactic allows fraudsters to bypass automated checks due to the accounts' history of legitimate activity. The fraudulent apps generate invalid traffic, drain advertiser budgets, and excessively consume device battery power. DoubleVerify has identified unusual traffic patterns, such as surges at early morning hours, which do not align with typical gaming behavior, indicating the presence of bot clusters generating ad requests. Specific examples include dormant accounts that suddenly shifted to publishing gaming apps after years of inactivity. The reliance on developer history as a trust signal poses risks for advertisers, as it can lead to distorted campaign measurements and brand risks. DoubleVerify advocates for real-time behavioral analysis to enhance detection and protection against these threats.

Tech Optimizer

January 30, 2026

When Digital Guardians Turn Rogue: Inside the Avast Antivirus Supply Chain Attack That Exposed Millions

Avast's automatic update system was compromised, allowing malicious code to be distributed through its official channels, affecting potentially millions of users. This breach is characterized as a sophisticated supply chain attack, which exploited the software update mechanism, making it difficult to detect as the malware appeared legitimate. Security analysts noted a 300% increase in supply chain attacks over the past three years, with this incident highlighting vulnerabilities in security solutions. Avast has initiated an incident response, revoked compromised digital certificates, and is collaborating with cybersecurity firms to address the breach. European regulators have begun inquiries into Avast's data protection measures, and legal experts anticipate class-action lawsuits from affected users. The incident underscores a trend of attackers targeting security infrastructure itself, prompting calls for improved software distribution security and industry-wide standards.

Winsage

January 29, 2026

Swarmer Tool Evading EDR With a Stealthy Modification on Windows Registry for Persistence

Praetorian Inc. has launched Swarmer, a tool that enables low-privilege attackers to maintain stealthy persistence in the Windows registry while avoiding detection by Endpoint Detection and Response (EDR) systems. Swarmer uses mandatory user profiles and the Offline Registry API to modify the NTUSER hive without triggering standard registry hooks. It operates by creating an NTUSER.MAN file that replaces the NTUSER.DAT hive upon user login, allowing low-privilege users to manipulate registry settings without alerting EDR tools. Swarmer employs functions from Microsoft’s Offline Registry Library, enabling it to perform operations without invoking Reg* API calls, thus evading detection mechanisms. Swarmer's workflow involves exporting the HKCU registry, modifying it, and executing the tool with specific commands to place the modified NTUSER.MAN file into the user profile. It can be used as an executable or a PowerShell module. While it presents a novel method for persistence, Swarmer has limitations, such as being unable to update without admin access and requiring user login to activate. Detection strategies include monitoring for NTUSER.MAN file creation and Offreg.dll usage in non-standard processes.

Tech Optimizer

January 27, 2026

Not a virus: What it means and why antivirus flags it

The term “not a virus” is used by antivirus software to indicate that a file does not match known malware signatures but still triggers a detection. This means the file is not automatically blocked or confirmed as a threat; the alert highlights something unusual, leaving the decision to the user. Alerts typically arise when software exhibits behavior associated with increased risk, despite lacking clear evidence of malicious intent. Malware is specifically designed to inflict harm, while files labeled “not a virus” may perform actions that raise security concerns but are not classified as harmful. Antivirus programs identify threats through signature detection and heuristic behavior-based detection. Legitimate programs, such as system utilities, download managers, and game cheats, can inadvertently trigger “not a virus” alerts. Common types of detections include adware, riskware, and potentially unwanted applications (PUA). The primary security risk of “not a virus” files is exposure rather than direct attacks, and privacy concerns often arise from data collection by these programs. If an antivirus detects “not a virus,” users should identify the file, review recent changes, compare detections, and decide whether to keep or remove it. To reduce unwanted alerts, users should download from official sources, use custom installation options, and remove unused software.

Winsage

January 26, 2026

Microsoft secretly working FREE updates for Windows 11

Microsoft is set to introduce new features for Windows 11, following the discontinuation of Windows 10 support. Two major updates are planned for 2026: Windows 11 Version 26H1, available only for new PCs with the Snapdragon X2 chip, and Version 26H2, which will be released to all users in the autumn. Key features include the integration of Copilot, Microsoft’s AI assistant, which can replace the standard search box on the Taskbar, allowing users to ask questions and search documents using natural language. The calendar flyout on the Taskbar will be updated to show upcoming events and reminders, syncing with the Outlook app. A new full-screen Xbox app will transform Windows PCs into Xbox consoles, optimizing for gamepad use. Microsoft is also exploring video-based wallpapers for the desktop, allowing continuous video playback. Additionally, Copilot will be integrated into File Explorer for enhanced productivity, enabling users to chat about files and generate document summaries.