command Archives

Winsage

June 27, 2026

New Millenium RAT version infects 62,000 Windows systems worldwide

A significant evolution of the Millenium remote access trojan (RAT) has impacted over 62,000 Windows devices across more than 160 countries. The latest version, 4.*, marks a departure from previous .NET-based versions and is attributed to a threat cluster known as Y2K Operators, with the creator identified as “ShinyEnigma.” There are 62,289 infected endpoints, with 39,730 infections occurring in the first quarter of 2026. The RAT is marketed as malware-as-a-service (MaaS) and promoted through underground forums and platforms like GitHub, with accessible pricing. Millenium RAT 4 is developed in native C++ and uses the Telegram Bot API for command-and-control communications. Its capabilities include stealing browser data, collecting system information, logging keystrokes, capturing screenshots and audio, accessing Telegram and Discord data, downloading additional payloads, and executing Windows or PowerShell commands. The malware ensures persistence by replicating itself in the %APPDATA% directory and creating an autorun registry entry. The malware is distributed through social engineering tactics such as cracked software, cryptocurrency utilities, hacking toolkits, OSINT tools, exploit builders, and Roblox-related cheats. Some campaigns have trojanized malware builders, infecting cybercriminals. One campaign used PDF-themed lures with a malicious Windows shortcut to download the RAT while displaying a legitimate document. Payloads often use filenames associated with Windows components or security software to blend into infected systems. Group-IB recommends avoiding untrusted executables, applying security updates, enabling multi-factor authentication, and monitoring for unusual autorun registry entries.

AppWizard

June 26, 2026

Minecraft Adventure Maps — okay so let me just tell you what actually works

Adventure maps in Minecraft allow players to experience curated gameplay without survival mechanics or resource gathering. These maps are designed in Adventure Mode, preventing players from altering the environments. They vary in length and complexity, with some lasting only 20 minutes and others several hours, often featuring custom dialogue and narratives. Quality adventure maps can be found on platforms like Planet Minecraft, MCPEDL, CurseForge, and the Minecraft Marketplace. It's important to check version compatibility to avoid glitches. Recommended adventure maps include Herobrine’s Mansion, Diversity 3, SkyBlock, The Forgotten, Chronos, and Parkour Paradise. Multiplayer maps should be labeled as such to avoid common issues like skipped puzzles and disrupted story pacing. Installing maps differs between Java and Bedrock editions, with Java scanning the saves folder and Bedrock requiring the opening of a .mcworld file. Players may face issues like command blocks failing or visual discrepancies due to missing resource packs or version mismatches. To evaluate a map's quality before downloading, check the download count and read comments for potential bugs. Java and Bedrock maps are not interchangeable, so verifying the edition and compatibility is crucial for a smooth experience.

AppWizard

June 26, 2026

Down with tactical rocks

The evolution of miniature design in tabletop gaming has shifted from simple character representation to exaggerated poses and precarious placements. Miniatures like the ork, once depicted in dynamic stances, now feature characters such as a dwarf leaping off a statue for dramatic effect. Maugan Ra, the Phoenix Lord, is shown straddling two tactical rocks, resembling a politician rather than a harbinger of doom. Games Workshop has popularized the trend of "tactical rocks," which are intended to elevate characters for visual impact but have become excessive. Originally, key figures were distinguished by size or mounting, but now even imposing figures like Kragnos awkwardly perch on these rocks. There is a growing sentiment among enthusiasts that this trend detracts from the artistry of miniatures, with many preferring to use color schemes and banners for distinction rather than relying on exaggerated poses. The balance between creativity and practicality in miniature design continues to be a topic of discussion.

Winsage

June 25, 2026

Making Windows a developer platform, again

Setting up a PC with the base Dev Config has been streamlined for developers, utilizing the Winget configuration service to install applications, execute updates, and apply developer settings on Windows. Users can access setup scripts by cloning a GitHub repository or downloading a zip archive, with clear instructions provided by Microsoft. The installation may require a reboot during the Windows Subsystem for Linux (WSL) installation, but the script resumes automatically afterward. The process installs applications such as PowerShell, Git, GitHub command-line interfaces, Windows App SDK, Visual Studio Code, and language support for Node.js, Python, and .NET. It also includes developer-friendly fonts and a theme engine for Windows Terminal, along with options for customizing File Explorer and the Windows Task Bar. After WSL installation, developers can use WSL Comfort scripts to install additional tools and personalize their Windows Terminal experience. This utility has two phases: the Windows component configures WSL and Ubuntu, while the Linux component fine-tunes the WSL environment, allowing for zsh and starship terminal display tools. It also integrates popular command-line interfaces and supports the Homebrew package installer, targeting existing Ubuntu instances without needing a new Linux distribution installation.

Winsage

June 25, 2026

PowerToys replaced tools I used to install on every Windows PC

Raycast for Windows, a productivity app, was initially a valuable tool for launching applications and executing actions quickly. However, the introduction of the Command Palette in Microsoft PowerToys provided similar functionality, leading to Raycast being less essential for the user's needs. The user found that the Command Palette effectively served as a fast app launcher, integrating well with other PowerToys features. The user also transitioned from GlazeWM, a tiling window manager, to FancyZones in PowerToys for better window management, as FancyZones offered more tailored window layout options. Additionally, Text Extractor in PowerToys streamlined the user's optical character recognition (OCR) tasks by allowing easy text extraction from images. Overall, PowerToys consolidated several utilities into one suite, enhancing the user's productivity while reducing the need for multiple separate applications.

Winsage

June 24, 2026

A bunch of bugs that broke PowerToys have been squashed

PowerToys has updated to version 0.100.1, fixing critical bugs from version 0.100.0 that affected core features. - Color Picker: Resolved a bug causing the main window to appear within the zoomed-in picker view. - Command Palette: Corrected initialization of Run history in Ahead-of-Time builds, fixed "???" display in Performance Monitor after restart, adjusted Hibernate command to use the Sleep icon, and limited "pin to dock" dialog to enabled displays. - Keyboard Manager: Addressed remapped modifier keys being delivered as system-key events. - Power Display: Fixed monitor power-state control not waking monitors from standby and resolved display detection and brightness control issues on dual-GPU laptops. - PowerToys Run: Improved discovery of Visual Studio Code workspaces. - Quick Access: Fixed crashes in the Quick Access flyout due to unhandled XAML exceptions. - Shortcut Guide: Resolved a crash in the sidebar navigation, corrected number-key rendering in shortcut manifests, and updated bundled manifests for consistent rendering. - ZoomIt: Fixed a race condition in audio initialization for video recording.

Winsage

June 24, 2026

Windows RAT Uses Encrypted HTTP C2 and Registry Persistence After npm Infection

A malware campaign targets Windows systems through a malicious npm package named postcss-minify-selector-parser, which mimics the legitimate postcss-selector-parser. This counterfeit package installs a Remote Access Trojan (RAT) on developer machines, beginning with a multi-stage attack triggered by the installation of the package. The RAT can steal credentials, execute shell commands, and communicate with a remote attacker. Security researchers at JFrog identified this threat and reported it on June 22, 2026, noting that two additional related packages, postcss-minify-selector and aes-decode-runner-pro, are linked to the same publisher and remain live on the npm registry. The RAT employs encrypted HTTP communication with a command-and-control (C2) server and ensures persistence by creating a registry key under the Windows Run key. It has capabilities for remote shell execution, file uploads and downloads, and can steal saved login data from Google Chrome using Windows decryption APIs. The malware is designed for organized batch exfiltration of stolen data. Indicators of compromise include specific IP addresses, domains, file paths, and SHA-256 hashes associated with the malware components. JFrog advises users to remove the malicious packages, inspect their dependency trees, and treat any stored credentials as compromised.

Tech Optimizer

June 23, 2026

Active Exploitation of Critical CVE-2026-20253 in Splunk Enterprise: Unauthenticated RCE via PostgreSQL Sidecar Service

A critical security vulnerability, SVD-2026-0603 (CVE-2026-20253), has been identified in Splunk Enterprise versions 10.0.0 through 10.0.6 and 10.2.0 through 10.2.3. This flaw allows unauthenticated, remote attackers to create or truncate arbitrary files on the host system by exploiting the PostgreSQL Sidecar Service endpoints. The vulnerability is actively exploited, with public proof-of-concept code available, and has been added to the CISA Known Exploited Vulnerabilities (KEV) list. Successful exploitation can lead to full remote code execution (RCE) as the Splunk user. The vulnerability arises from inadequate authentication controls on the PostgreSQL Sidecar Service endpoints, specifically /v1/postgres/recovery/backup and /v1/postgres/recovery/restore, which are accessible without authentication. It is classified under CWE-306: Missing Authentication for Critical Function and has a CVSS v3.1 base score of 9.8 (Critical). Attackers can exploit the vulnerability by sending crafted HTTP POST requests to the exposed endpoints, allowing them to create or truncate files and potentially execute malicious scripts. Indicators of compromise include unexpected files in directories such as /tmp/ or /opt/splunk/var/run/supervisor/pkg-run/, modified Splunk Python scripts, and unusual outbound connections from Splunk to unknown PostgreSQL servers. The vulnerability aligns with several MITRE ATT&CK techniques, including T1190 (Exploit Public-Facing Application) and T1059 (Command and Scripting Interpreter). Active exploitation of CVE-2026-20253 has been confirmed, and it is likely that both opportunistic cybercriminals and sophisticated threat actors will use this exploit. The affected versions of Splunk Enterprise are 10.2.0 through 10.2.3 and 10.0.0 through 10.0.6, with the issue resolved in versions 10.2.4 and 10.0.7. Organizations are advised to upgrade to fixed versions or disable the PostgreSQL Sidecar Service as a mitigation strategy.

Winsage

June 23, 2026

Tested: Microsoft just debloated Windows 11 Search without Bing, and it’s crazy fast

Windows 11 has introduced a significant enhancement to its Search functionality, allowing users to completely eliminate web results through a toggle in Insider Experimental build 26300.8697. This feature prioritizes local results and improves search speed. The new toggles for Web Searches and Microsoft Store apps can be found in the Privacy & security settings under "Show suggested search results." Users can still see past web searches if the Search history toggle is active. The web toggle's deactivation leads to local files being displayed first, while the Microsoft Store results can be toggled independently. Disabling both toggles results in a "No results found" message if there are no local matches. The feature is currently experimental and requires enabling via ViveTool. Additional improvements include typo forgiveness for app queries and enhanced search responsiveness. Microsoft is also shifting its strategy to provide users with more control over their Windows experience.

AppWizard

June 22, 2026

The Steam Machine is the start of an even more expensive future for game consoles

Valve's Steam Machine is priced at ,049 for the 512GB model and ,128 with a Steam Controller. The 2TB version costs ,349 or ,428 with the controller. In comparison, the 2TB Xbox Series X retails for 9.99, the PS5 Pro for 9.99, and the upcoming Switch 2 is expected to launch at 9.99. The Steam Machine offers access to Steam's extensive library of games and is positioned as a premium option in a market with rising hardware prices. Recent data shows a 46% decline in PS5 sales year-over-year, coinciding with a price increase to 9.99. Xbox is developing "Project Helix," a device between a console and a PC, but pricing concerns have led to a reevaluation of its vision.