command Archives

Winsage

May 6, 2026

New Trojan attacks Windows and steals data from smartphones via Phone Link

Cisco Talos experts have discovered a trojan that has been operational since at least January 2026, which installs the CloudZ RAT (Remote Access Tool) on Windows systems along with the Pheno plugin. The attack starts with an undisclosed initial access vector and involves executing a counterfeit SmartConnect update to deploy the CloudZ RAT. This RAT establishes an encrypted connection to its command and control (C2) server, allowing attackers to extract sensitive information. The CloudZ RAT assists in harvesting credentials from web browsers and downloads the Pheno plugin, which accesses Phone Link app data and transmits it to the C2 server. The Phone Link feature synchronizes critical data, including SMS messages with one-time passwords and account login details, which are the primary targets of the attackers.

Winsage

May 6, 2026

Windows 11’s new Run box is what happens when Microsoft actually cares: Replaces legacy Windows 95-era dialog with something new and better

Microsoft has introduced a redesigned Run dialog box for Windows 11, utilizing the modern UI framework WinUI 3. The new interface features improved speed, quick access to the home directory via the ~ command, and icons for frequently used programs. The browse button has been removed, a change that affects only 0.0038% of users based on data from a sample of 35 million. The new Run box is optional, allowing users to revert to the legacy interface if desired. This update is part of Microsoft's Windows K2 initiative aimed at enhancing performance and reliability for various users.

AppWizard

May 6, 2026

Coming to Xbox Game Pass: Forza Horizon 6, Mixtape, Subnautica 2, and More

Final Fantasy V is available on May 5 for Cloud, Xbox Series X|S, and PC through Game Pass Ultimate, Game Pass Premium, and PC Game Pass. Forza Horizon 6 will be available on May 19 for Cloud, Xbox Series X|S, Handheld, and PC, with early access starting on May 15. Ben 10 Power Trip is set for May 6 on Cloud, Console, and PC. Descenders Next (Game Preview) will also be available on May 6 for Cloud, Console, and PC. Wheel World, Wildgate, and Wuchang: Fallen Feathers will be released on May 6 for Cloud, Xbox Series X|S, and PC. Mixtape will be available on May 7 for Cloud, Xbox Series X|S, Handheld, and PC. Outbound is scheduled for May 11 on Cloud, Console, and PC. Black Jacket and Call of the Elder Gods will be available on May 12 for Cloud, Xbox Series X|S, Handheld, and PC. Elite Dangerous will be available on May 12 for Cloud and Console. DOOM: The Dark Ages will be released on May 14 for Cloud, Xbox Series X|S, Handheld, and PC. Subnautica 2 (Game Preview) will also be available on May 14 for Cloud, Xbox Series X|S, Handheld, and PC. InKonbini: One Store. Many Stories was released on April 30 for Cloud, Console, Handheld, and PC. Dead by Daylight’s Bloodbound Release Update is available now for Cloud, Xbox Series X|S, and PC. Sea of Thieves: Last Ship Standing Act 3 is part of Season 19. World of Warships: Legends is available now for Cloud, Console, and PC. Titles leaving Game Pass on May 15 include Galacticare, Go Mecha Ball, Kulebra and the Souls of Limbo, Paw Patrol Rescue Wheels: Championship, and Planet of Lana.

BetaBeacon

May 5, 2026

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

ScarCruft compromised a video game platform in a supply chain attack, trojanizing its components with a backdoor called BirdCall to target ethnic Koreans residing in China. The attack enabled the threat actors to target both Windows and Android devices, turning it into a multi-platform threat. The campaign targeted sqgame[.]net, a gaming platform used by ethnic Koreans in China, known as a transit point for North Korean defectors. BirdCall has features like screenshot capture, keystroke logging, and data gathering, and relies on legitimate cloud services for command-and-control. The Android variant collects various data and has seen active development.

BetaBeacon

May 5, 2026

ScarCruft hackers push BirdCall Android malware via game platform

APT37, also known as ScarCruft and Ricochet Chollima, has developed an Android version of the backdoor BirdCall, which serves as spyware in addition to a backdoor. The malware was delivered through a Chinese website that hosts games for Android, iOS, and Windows, targeting only Android and Windows systems. The Android variant of BirdCall has capabilities such as extracting IP geolocation information, collecting contact lists, call logs, SMS data, device information, taking screenshots, recording audio, and exfiltrating files. Users are advised to download software only from official marketplaces and trusted publisher sites to protect against malware infections.

AppWizard

May 5, 2026

North Koreans Spy on Defectors Via Android Game Apps

A North Korean hacking group has targeted a digital gaming platform popular among the Korean ethnic enclave in China, using a sophisticated strategy to infiltrate Android applications. Researchers from Eset discovered that an app on the platform contained a backdoor known as BirdCall, linked to North Korea. The official website for the gaming platform hosted the same suspicious APK file. A second Android file associated with another game on the same site was also found to contain the BirdCall backdoor. This supply-chain attack was attributed to the threat actor ScarCruft (APT37), active in Asia and extending into Europe and the Middle East since late 2024. The hackers likely compromised the web server to recompile original APKs with the backdoor, which can collect sensitive information such as contacts, SMS messages, call logs, documents, media files, and private keys, and can take screenshots and record audio. The malware disguises its command and control traffic among regular internet traffic, primarily using Zoho WorkDrive for operations.

Winsage

May 5, 2026

Microsoft’s new Windows 11 Run dialog is faster than the Windows 95-era version it’s replacing

Microsoft is developing a modernized version of the Run dialog for Windows 11, featuring a streamlined design created using C# and WinUI 3. The new Run dialog has a median "time-to-show" of 94 milliseconds, which is an improvement over the old dialog's 103 milliseconds. This new version is designed to be more functional and user-friendly, allowing users to quickly access their home directory and supporting dark mode. The modern Run dialog is currently being rolled out as an opt-in feature for Insiders in the Experimental Channel.

Winsage

May 4, 2026

NTLite Update Lets Users Strip Copilot and AI Features From Windows 11 25H2 Installation Images

NTLite has released version 2026.04.10936, which allows users to remove AI features like Copilot and Windows Recall from Windows 11 25H2 installation images. The update includes faster, multi-threaded extraction capabilities that reduce processing time for Windows images and results in a smaller installation size. NTLite modifies the installation image directly, enabling a streamlined installation without the need for post-installation uninstallation of these features. The tool is available for free download, with a paid license option for advanced features. The demand for such tools has increased due to Microsoft's integration of AI features in Windows 11.

Winsage

May 4, 2026

Not seeing Xbox mode in Windows 11 yet? Unlock it using this free tool

The optional April 2026 update for Windows 11 (KB5083631) introduces Xbox mode, which enhances gaming performance by disabling unnecessary processes. The rollout prioritizes users in North America, followed by Europe, but many are still waiting for access. Xbox mode can be manually activated using ViVeTool, a free command-line application available on GitHub, provided users have installed update KB5083631. Xbox mode, previously known as the Xbox Full Screen Experience (FSE), offers a console-like interface optimized for full-screen display, enhancing readability and navigation with a gaming controller. It allows seamless transitions between productive tasks and gaming sessions, aiming to replicate the console experience on a PC.

Tech Optimizer

May 4, 2026

How to Set Up PostgreSQL on Windows Easily in 2026

The installation process for PostgreSQL can be challenging for new users due to several factors. A common issue is the requirement to set a strong password for the default 'postgres' user, which users often forget, leading to a complicated reset process. Another challenge is port conflicts, as PostgreSQL uses port 5432 by default; if another application is using this port, it complicates installation. Additionally, users must configure PostgreSQL to be included in the system PATH for command-line operations, a step that is frequently overlooked, causing frustration when executing commands.