campaigns Archives

Winsage

June 2, 2026

PHANTOMPULSE RAT Uses UAC Bypass to Hijack Windows Systems

PHANTOMPULSE is a remote access trojan (RAT) used as a final payload in multi-stage attacks targeting Windows environments. It employs advanced post-exploitation techniques, including process injection, User Account Control (UAC) bypass, and a decentralized blockchain-based command-and-control (C2) mechanism. The malware utilizes three process injection techniques: module stomping, manual DLL mapping, and debug-driven execution. It avoids detection by using direct system calls instead of standard Windows APIs and incorporates a hardware breakpoint mechanism to disable security protections like AMSI and ETW. PHANTOMPULSE retrieves its C2 server address from Ethereum-based transaction data but has a vulnerability that allows defenders to hijack communication. It achieves persistence through scheduled tasks and supports self-healing capabilities. Privilege escalation is done using the "schuac" UAC bypass technique. The malware conducts system reconnaissance focusing on cryptocurrency wallets and messaging apps but does not directly steal credentials. It shows signs of AI-assisted development and shares tactics with DPRK-aligned threat groups, particularly in targeting cryptocurrency platforms.

AppWizard

May 30, 2026

“Stay on target”: Helldivers 2 gets a big performance patch with upscaler support, but it isn’t working brilliantly for everybody

Helldivers 2 has released a significant update that enhances performance by introducing support for advanced upscaling technologies, including FSR 3.1.5, FSR 4.0.3 for select GPUs, DLSS 4.5, and XeSS 3.0. The update also includes variable rate shading, dynamic resolution scaling, and fine-tuned performance settings for high reflection scenarios. New resolution options for advanced monitors and improved VRAM management are part of the patch. Developers at Arrowhead collaborated with Nixxes Software for these enhancements. Community reactions have been mixed, with some players expressing frustration over certain features, particularly regarding DLSS implementation and lower frame rates. However, players appreciated a fix for a glitch that prevented manual climbing of small obstacles. Arrowhead plans to introduce extended Galactic War campaigns with branching outcomes this summer.

AppWizard

May 28, 2026

Warhammer 40,000: Mechanicus 2 review

Mechanicus 2 is a follow-up to the original Warhammer 40,000: Mechanicus, developed by Bulwark Studios and published by Kasedo Games, priced at £31.50. It is available now on Windows 11 but does not support multiplayer or Steam Deck. The sequel features two distinct campaigns, allowing players to choose between the Adeptus Mechanicus and the necrons, offering a deeper exploration of the necrons' complexities. Unlike its predecessor, Mechanicus 2 limits players to five named leaders with basic upgrade trees, reducing customization options. Technical issues include subtitle bugs and performance problems, and the soundtrack is less impactful than the original. The game lacks the charm and innovation of the first installment, despite being enjoyable as a casual experience.

AppWizard

May 23, 2026

I’ll never love another RPG like I loved Neverwinter Nights

A dedicated gamer finds solace in the RPG Neverwinter Nights, released in the early 2000s, which has a vibrant modding community. The game served as a lifeline during a challenging period, allowing the player to create adventures using the Aurora Toolset. The modding scene has fostered creativity and shared experiences through Persistent Worlds. However, the gaming landscape has evolved, with new games often prioritizing profit over player-created content, leading to a longing for the past. Despite changes, the community around Neverwinter Nights remains vibrant, inviting both old players and newcomers to explore its creative possibilities.

Winsage

May 22, 2026

Microsoft Dismantles Fox Tempest: Ransomware Groups Paid Up to $9,500 to Fake Windows Software Signatures

Microsoft's Digital Crimes Unit has filed a lawsuit against Fox Tempest, a criminal enterprise selling fraudulently signed malware to ransomware groups, affecting hospitals, schools, and critical infrastructure in ten countries. The lawsuit was filed on May 19 in the U.S. District Court for the Southern District of New York. Fox Tempest created a portal at signspace[.]cloud, offering a user-friendly interface for uploading malicious files and generating over 580 fraudulent Microsoft accounts to bypass identity verification. The group provided pre-configured virtual machines for customers to upload malicious payloads in exchange for signed binaries. Fox Tempest's operations were linked to a ransomware attack chain involving a counterfeit Microsoft Teams installer that deployed the Rhysida ransomware. This ransomware strain has caused significant breaches, including an October 2023 attack on the British Library, which resulted in a data exfiltration of about 600GB and recovery costs of £6 to £7 million, and a September 2024 attack on Seattle-Tacoma International Airport with a ransom demand of .8 million. Microsoft's civil litigation approach allowed for a quicker legal process, leading to the seizure of the signspace[.]cloud domain and the suspension of around 1,000 Fox Tempest accounts. Despite these actions, Fox Tempest has begun shifting to alternative code-signing services, highlighting the evolving nature of cybercrime and the need for users to verify software through independent channels. The confirmed targets of Fox Tempest included organizations in the United States, France, India, China, Brazil, Germany, Japan, the United Kingdom, Italy, and Spain.

Winsage

May 21, 2026

Microsoft Defender Zero-Day Vulnerabilities RedSun and UnDefend Actively Exploited on Windows 10, 11, and Server (April 2026 CVE Analysis)

In April 2026, two zero-day vulnerabilities, RedSun and UnDefend, were discovered in Microsoft Defender, affecting Windows 10, Windows 11, and Windows Server platforms. These vulnerabilities allow attackers to escalate privileges to SYSTEM and bypass Defender’s protections. RedSun exploits a flaw in Defender's remediation process, enabling low-privileged users to overwrite critical system files. UnDefend allows attackers to disrupt Defender’s updates, keeping it outdated and ineffective. Both vulnerabilities are actively being exploited, with attackers leveraging them to gain persistent access and deploy ransomware. The primary targets are organizations using Windows systems with Defender enabled, particularly in sectors like finance, healthcare, and government. Mitigation strategies include applying updates for related vulnerabilities, monitoring for suspicious activities, and implementing additional security measures.

AppWizard

May 21, 2026

Dawn of War 4 now has a release date and a roadmap, with Crusade Mode making a much-awaited comeback

The release date for Dawn of War 4 is set for Thursday, September 17, 2026. Players can choose between two editions: the Standard Edition and the Commander Edition, which offers a three-day early access period and all year-one content. The game will feature various modes, map packs, and a mission editor, with the return of Crusade Mode. A new faction will be introduced within the first year, with speculation about playable Xenos. Players can wishlist the game in anticipation of its launch.

Winsage

May 20, 2026

MSHTA abuse helps malware hide in Windows processes

Bitdefender's research highlights the use of Microsoft's MSHTA utility in malware attacks, noting its default activation in Windows systems. Cybercriminals exploit MSHTA to execute malicious scripts under the guise of legitimate processes, linking it to various malware families like LummaStealer and PurpleFox. The study reports a rise in MSHTA-related detections, indicating a shift towards "living-off-the-land" tactics that utilize legitimate tools to evade security alerts. Social engineering is identified as a common entry point for attacks, employing deceptive methods such as fake software downloads and phishing links. MSHTA can retrieve and execute additional payloads through multi-stage chains, complicating detection efforts. The attacks target sensitive information, including credentials and financial data, and the continued presence of MSHTA poses risks as it allows threat actors to conceal malicious actions. To mitigate these threats, organizations are advised to restrict or disable legacy scripting tools and exercise caution with untrusted downloads. The report emphasizes the challenge of detecting unusual behaviors associated with legitimate utilities in the context of cyber threats.

AppWizard

May 20, 2026

Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps

Cybersecurity researchers have identified an ad fraud and malvertising operation called Trapdoor, targeting Android users with 455 malicious applications and 183 command-and-control domains. Users often download these disguised apps, which initiate malvertising campaigns and lead to further downloads of malicious applications. At its peak, Trapdoor generated 659 million bid requests daily, with over 24 million downloads of the associated apps, primarily from the United States. The operation exploits install attribution tools to activate malicious activities only for users acquired through fraudulent ad campaigns, while suppressing such behavior for organic downloads. Trapdoor employs advanced evasion techniques, including obfuscation and impersonation of legitimate software, to avoid detection. Google has removed the identified malicious apps from the Play Store in response to the threat.

AppWizard

May 19, 2026

The Android App as a Lead Generation Machine: Building Apps That Fill Your Sales Pipeline

Mobile applications are increasingly recognized as powerful lead generation tools for businesses, particularly on the Android platform, which has a significant global market share. Unlike websites, apps encourage repeat engagement through features like notifications and personalized content, enhancing user retention and conversion opportunities. Effective lead generation apps address genuine user needs, providing utility that fosters engagement before asking for user information. Building trust is crucial for lead generation, and businesses should allow users to experience value before requesting personal details. A progressive engagement strategy can effectively draw users in, with free tools leading to more personalized offers later. Personalization enhances user experience by tailoring content and offers based on user behavior, which improves engagement and lead quality. Designing an app with a focus on conversion paths is essential. Clear onboarding, intuitive navigation, and contextual calls to action can significantly impact user decisions. Social proof, such as reviews and testimonials, can bolster trust and encourage users to take action. Successful apps integrate with broader sales and marketing systems, enabling intelligent responses to user actions and ensuring timely follow-ups. Monitoring analytics helps businesses refine their strategies and improve lead capture. While acquisition is important, long-term retention is often more beneficial, as engaged users become warmer leads and advocates for the brand. Retention strategies that maintain relevance, such as new features and exclusive offers, help solidify the app's role as a valuable business asset.