code Archives

AppWizard

April 7, 2026

Researchers find 50 ‘dangerous’ Android apps that are secretly hijacking phones: Who is at risk

Recent findings from McAfee have revealed a malware campaign named Operation NoVoice that has infiltrated over 50 applications on the Google Play Store, which collectively received over 2.3 million downloads before being removed. The malware uses a rootkit attack strategy to gain administrator-level control of Android devices while remaining undetected. Affected apps appeared benign, performing tasks like cleaning files or managing photos, but were secretly communicating with a remote server to send device information. This allowed attackers to deploy custom exploit code, achieving root-level access and posing significant security risks. The malware persists even after factory resets, potentially requiring firmware reinstallation for complete removal. Users with older or unpatched Android versions are at greater risk, as well as anyone who downloaded the compromised apps.

AppWizard

April 7, 2026

Join our Twitch Tiny Takeover

The Twitch Tiny Takeover campaign, a collaboration between Twitch and Mojang Studios, will launch on April 6th at 9:00 AM PT. Streamers can participate by streaming at least one hour of Minecraft gameplay and may earn up to ,000. Viewers can earn hats by watching Minecraft streams for five minutes and can obtain a Baby Chick Badge by purchasing or gifting a subscription. Streamers must be part of the Twitch Affiliate Program to qualify for rewards. Rewards will be sent to Twitch inboxes and can be redeemed on Minecraft.net.

Tech Optimizer

April 6, 2026

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Cybersecurity researchers have discovered 36 malicious packages in the npm registry that impersonate Strapi CMS plugins. These packages exploit Redis and PostgreSQL, deploy reverse shells, harvest credentials, and establish persistent implants. Each package consists of three files—package.json, index.js, and postinstall.js—without descriptions or repositories, and all use version 3.6.8 to mimic legitimate Strapi plugins. The malicious packages follow a naming convention starting with "strapi-plugin-" and were uploaded by four accounts within 13 hours. The identified packages include names like strapi-plugin-cron, strapi-plugin-database, and strapi-plugin-server. The malicious code is embedded in the postinstall script, executing automatically upon installation with the same privileges as the user. The payloads evolve from exploiting Redis for remote code execution to attempting direct PostgreSQL database exploitation and deploying persistent implants for remote access. The campaign appears to target cryptocurrency platforms, as indicated by the focus on credential theft and digital assets. Users of these packages are advised to assume compromise and rotate credentials. This incident reflects a broader trend of supply chain attacks in the open-source ecosystem, with recent examples including credential exfiltration payloads in GitHub repositories and compromised GitHub Actions workflows. Group-IB reported that software supply chain attacks are increasingly reshaping the cyber threat landscape, targeting trusted vendors and open-source software to gain access to downstream organizations.

AppWizard

April 6, 2026

Dangerous “NoVoice” malware found in over 50 Play Store apps that were installed 2.3 million times

A new malware threat called "NoVoice" has been found in over 50 applications on the Google Play Store, with 2.3 million installations on Android devices. Discovered by McAfee, this malware is hidden in seemingly harmless apps like system cleaners, games, and image galleries. It exploits Android vulnerabilities to gain root access, potentially allowing attackers to steal sensitive information and manipulate applications without user consent. In some cases, it may persist even after a factory reset. Google has stated that Android devices updated since May 2021 are protected against this threat and that Google Play Protect actively removes malicious apps and blocks new installations. The malware was not able to infect devices in Beijing and Shenzhen, suggesting the attackers may be avoiding local law enforcement. One identified app carrying the NoVoice payload is SwiftClean, developed by Biodun Popoola. The malware operates using a silent audio file, executing its code without user detection. Users are advised to download apps only from the Google Play Store and keep their devices updated.

Winsage

April 6, 2026

Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit

Exploit code for a Windows privilege escalation vulnerability, named BlueHammer, has been released, allowing attackers to gain SYSTEM or elevated administrator permissions. This zero-day vulnerability was disclosed by a researcher, Chaotic Eclipse, who expressed frustration with Microsoft's handling of the issue. The exploit combines a time-of-check to time-of-use (TOCTOU) issue with path confusion, granting local attackers access to the Security Account Manager (SAM) database, which contains password hashes for local accounts. While the exploit is confirmed to work, it has been found unsuccessful on Windows Server due to bugs that hinder its effectiveness. Attackers can gain local access through various means, raising significant security risks. Microsoft has not yet responded to inquiries about the BlueHammer flaw.

Winsage

April 6, 2026

Why Microsoft is forcing Windows 11 25H2 update on all eligible PCs

Microsoft has announced that eligible Windows 11 PCs currently on the 24H2 version will be automatically upgraded to the 25H2 edition, with no user action required, although users can temporarily postpone the update. The eligibility assessment for the update uses machine learning, considering factors such as testing results, user feedback, and diagnostic data. The update is mandatory for individual users of Windows 11 Home or Pro editions, as support for 24H2 will expire on October 13, ending security patches for that version. IT-managed computers are excluded from this automatic update. Users can check for eligibility by navigating to Settings and selecting Windows Update. The 25H2 update is designed to be more compact and efficient, updating only necessary files and sharing the same code base as 24H2, which improves stability and reliability. To check the current version of Windows 11, users can go to Settings, select System, and click on About.

AppWizard

April 6, 2026

Slack Messenger: Revolutionizing Team Communication

Slack Messenger is a cloud-based platform for workplace collaboration that enhances team communication through real-time messaging, file sharing, and workflow integrations. Since its launch in 2013, it has replaced traditional email chains with organized channels for discussions and direct messaging. Users can create dedicated channels for specific projects, utilize threaded replies for clarity, and send targeted notifications through mentions. Key features include an intuitive interface accessible on various devices, unlimited message history on paid plans, voice and video huddles, and support for over 2,600 applications like Google Workspace and Salesforce. Security features include data encryption and compliance with regulations such as GDPR and HIPAA. Slack is used across various sectors including project management, customer support, and engineering, and is widely adopted by companies like IBM, Shopify, and NASA. On a daily basis, teams use Slack for status updates, file sharing, and conducting polls. For larger organizations, it offers multi-workspace setups and analytics. A free tier is available for freelancers and small teams, while its mobile app facilitates coordination for gig economy workers. Slack operates in over 150 countries and supports multiple languages. The collaboration software market, valued at over a billion dollars, continues to grow, driven by hybrid work demands. Competitors include Microsoft Teams, Discord, and Mattermost, although Slack remains distinguished by its integrations. Slack is supported by AWS cloud infrastructure and boasts an uptime of 99.99%. Recent updates introduced AI features aimed at enhancing efficiency. Salesforce acquired Slack in 2020 for .7 billion, integrating it into its Customer 360 ecosystem while maintaining its standalone brand. Slack is publicly listed under the ISIN US79466L3024.

Winsage

April 5, 2026

Microsoft Ships Emergency Windows 11 Fix for Broken Patch

On March 31, Microsoft released emergency update KB5086672 in response to issues caused by the previous preview patch KB5079391, which left many Windows 11 devices in a loop with error code 0x80073712, blocking access to March security fixes. Microsoft withdrew KB5079391, which was launched on March 26, and replaced it with KB5086672, a cumulative update that includes all fixes from March 2026. KB5086672 supersedes previous updates, including KB5079473, KB5085516, and KB5079391. Users with the "Get the latest updates as soon as they’re available" setting will receive KB5086672 automatically, while others can manually check for updates or download it from the Microsoft Update Catalog. Microsoft has been issuing multiple emergency updates recently, raising concerns about the quality of its update pipeline, with a history of emergency patches for various issues affecting Windows 10, Windows 11, and Windows Server. The issues from KB5079391 may resurface in the upcoming April cumulative update.

Winsage

April 5, 2026

“These mods completely changed how I use Windows 11”: As I walk through the 7 Windhawk tweaks that transformed my desktop, I’m surprised by which ones made the biggest difference

Windows 11 allows users to customize background images, themes, accent colors, and the Start menu and Taskbar. However, for more significant changes, Windhawk offers a modular approach to modify the operating system without risky file modifications. To install Windhawk on Windows 11, users can use the Windows Package Manager (winget) by running the command: winget install --id RamenSoftware.Windhawk. Notable mods available for Windhawk include: - Windows 11 Taskbar Styler: Provides control over the Taskbar's visual elements with three levels of customization. - Taskbar on Top for Windows 11: Allows users to reposition the Taskbar to the top of the screen. - Taskbar Height and Icon Size: Enables adjustments to the Taskbar's height and icon size without affecting DPI scaling. - Windows 11 Start Menu Styler: Offers complete customization of the Start menu's appearance using themes and custom XAML/CSS. - Windows 11 File Explorer Styler: Allows control over the File Explorer interface by injecting custom XAML styles. - Windows 11 Notification Center Styler: Modifies the layout, transparency, and aesthetics of the Notification Center and Quick Settings. Windhawk uses dynamic code injection to implement changes without altering system files, minimizing risks associated with traditional modifications.

Tech Optimizer

April 5, 2026

Linux 7.0 Cuts PostgreSQL Performance in Half

An AWS engineer reported a significant drop in PostgreSQL throughput on Linux 7.0, with performance reduced to approximately half of its previous capability. Benchmark tests showed that the removal of the PREEMPT_NONE scheduling option was the main cause of this regression. On a 96-vCPU Graviton4 instance, throughput measured at just 0.51x compared to earlier kernel versions. Salvatore Dipietro from Amazon/AWS conducted benchmarking analysis of PostgreSQL 17, revealing that Linux 7.0 delivered only 0.51x the throughput of its predecessors. The root cause was traced to kernel commit 7dadeaa6e851, which eliminated PREEMPT_NONE as the default option, leading to increased contention due to the new PREEMPT_LAZY model. Profiling data indicated that 55% of CPU time is consumed by spinning in PostgreSQL’s spinlock, causing significant performance degradation. When a revert patch was applied, throughput rebounded to 1.94x the baseline. The decision to restrict preemption modes in Linux 7.0 aimed to address issues within the kernel's scheduling model. Dipietro proposed a patch to restore PREEMPT_NONE, but kernel developers suggested PostgreSQL adopt the rseq time slice extension instead. Database operators running PostgreSQL on Linux face potential performance reductions with the upgrade to Linux 7.0.