commands Archives

Winsage

March 6, 2026

Chinese hackers hide malware in Windows and Google Drive to hit targets

Chinese state-sponsored threat actors, specifically a group known as Silver Dragon, have been conducting espionage operations across Southeast Asia and Europe since at least mid-2024. They have targeted government entities in countries such as Russia, Poland, Hungary, Italy, Japan, Myanmar, and Malaysia. Silver Dragon is believed to be affiliated with APT41 and primarily uses phishing emails to initiate attacks, often containing weaponized documents or links. They employ a custom backdoor called GearDoor, which utilizes Google Drive for command-and-control operations, allowing them to exfiltrate stolen intelligence. The group also hijacks legitimate Windows services to load malicious code and uses tools like SSHcmd and Cobalt Strike for post-exploitation activities. Their tactics involve blending malicious activities with normal system operations, making detection difficult and increasing their dwell time within targeted networks.

Winsage

March 6, 2026

Windows Server 2025 Native NVMe: Storage Stack Overhaul and Benchmark Results

On December 15, 2025, Microsoft announced native NVMe support in Windows Server 2025, marking a significant evolution in data management and access. The new architecture replaces Disk.sys with NVMeDisk.sys, allowing direct communication from the filesystem to hardware via StorMQ, eliminating latency and enhancing performance. Testing revealed increased read speeds, particularly in random 4K and 64K benchmarks, with significant reductions in average read latency and lower CPU usage during sequential operations. Write operations showed modest improvements. A registry modification is required to enable this feature, and caution is advised due to potential complications with NVMe drives when deduplication is enabled.

Winsage

March 6, 2026

FRANK OS 1.0 Launches With a Retro Windows 95-Like Desktop

FRANK OS is a newly launched open-source graphical desktop operating system specifically designed for microcontrollers, with its first official version, 1.0, now available. It is built on FreeRTOS rather than the Linux kernel, optimized for the RP2350 microcontroller, which has approximately 520 KB of SRAM and dual CPU cores. The operating system features a desktop environment reminiscent of Windows 95, including overlapping windows, a taskbar, and a start-menu-style launcher. It supports standard desktop behaviors and allows users to switch between applications using an Alt+Tab-style interface. FRANK OS comes preloaded with nine lightweight applications, such as an interactive terminal, a C compiler, classic games, and a ZX Spectrum emulator. Programs can be compiled as ARM ELF binaries and loaded from an SD card. The system is aimed at hobbyists and experimental use.

Winsage

March 6, 2026

Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer

Microsoft revealed a social engineering campaign named ClickFix that exploits the Windows Terminal application to deploy Lumma Stealer malware. Detected in February 2026, this campaign instructs users to access Windows Terminal using the Windows + X → I shortcut, enhancing its perceived legitimacy. Attackers evade detection by manipulating users into executing harmful commands through deceptive prompts. The attack chain involves pasting a hex-encoded command into Windows Terminal, which opens additional Terminal and PowerShell instances, leading to a PowerShell process that decodes a script. This process downloads a ZIP payload containing a renamed 7-Zip binary, which extracts files and initiates a multi-stage attack, including retrieving payloads, establishing persistence, configuring Microsoft Defender exclusions, exfiltrating data, and deploying Lumma Stealer by injecting it into "chrome.exe" and "msedge.exe." Lumma Stealer targets browser artifacts to harvest credentials. A secondary attack pathway involves downloading a batch script that writes a Visual Basic Script to the Temp folder and connects to Crypto Blockchain RPC endpoints, also using QueueUserAPC() for code injection into browsers to extract data.

Winsage

March 5, 2026

Microsoft’s latest Windows 11 updates are “deleting the internet” for many: Possible fixes explored

A critical bug in Windows 11 builds 24H2 and 25H2 is causing users with Ethernet connections to lose internet access after installing updates KB5066835 and KB5065789. Users have reported issues on Microsoft’s Q&A forums, and rolling back the operating system is recommended. Possible fixes include performing a full network reset, flushing DNS and resetting TCP/IP via Command Prompt, editing the registry, and using hardware bypass solutions like USB-to-Ethernet or USB-to-WiFi adapters.

AppWizard

March 4, 2026

March builds on Google Home automations, expands Nest’s Yale Lock support

Google Home is implementing significant updates in March, including improvements to the Gemini voice assistant's interaction with smart home devices through room-level commands. Users can now issue commands like "turn off the kitchen," targeting specific devices. The update introduces new automation triggers, such as "Security system is armed" and "Device is plugged in." Google is also expanding its partnership with Yale Smart Lock, allowing users to view lock history and receive notifications through the Google Home app. The Gemini update enhances voice assistant capabilities, utilizing users' home addresses for contextually relevant responses, and improving accuracy for commands related to notes, reminders, calendars, and alarms. Additional features include enhanced responses for informational queries, fewer interruptions during speech, increased reliability for automations, improved accuracy in playing new songs, and a new “Live Search” feature for Google Home Premium subscribers. A software patch for Nest Wifi Pro is also set to enhance security and performance. Gemini for Home was first unveiled in late 2022, with early access starting in October, and users have reported positive experiences with features like "Ask Home."

Winsage

March 4, 2026

Windows App Development CLI Updated with .NET Project Support, More

Microsoft has released version 0.2 of its Windows App Development CLI (winapp), incorporating several new features based on community feedback. Key updates include first-class support for .NET projects, allowing integration of WinUI 3, WPF, Windows Forms, and .NET console applications. Developers can initialize projects with winapp init, which aligns them with the appropriate Windows SDK version and generates necessary folders. The update also introduces manifest placeholders for easier app packaging, integrates Microsoft Store CLI commands into winapp, and enhances the help and error messaging system for better usability. Additional improvements include new commands for external catalogs and package identity, updates to winapp pack and manifest update-assets, and a Flutter guide with a sample project for using Windows App SDK APIs.

Winsage

March 2, 2026

Fake Xeno and Roblox Utilities Used to Install Windows RAT, Microsoft Warns

Cybersecurity experts at Microsoft Threat Intelligence have identified a trend where attackers distribute counterfeit gaming tools that install a remote access trojan (RAT) on users' systems. These trojanized executables, such as Xeno.exe or RobloxPlayerBeta.exe, are shared through browsers and chat platforms. The initial executable acts as a downloader, installing a portable Java runtime environment and launching a harmful Java archive, jd-gui.jar. Attackers use built-in Windows tools to execute commands via PowerShell and exploit trusted system binaries, minimizing detection risk. The embedded PowerShell script connects to remote locations, downloads an executable as update.exe, and executes it. The malware erases evidence of the downloader and modifies Microsoft Defender settings to allow RAT components to function undetected. It establishes persistence through scheduled tasks and a startup script named world.vbs, enabling prolonged access to the compromised device. Microsoft Defender can detect the malware and its behaviors, and organizations are advised to monitor outbound traffic and block identified domains and IP addresses. Users are encouraged to scrutinize Microsoft Defender exclusions and scheduled tasks for irregularities and remain cautious about downloading tools from unofficial sources.

Winsage

March 1, 2026

Forget ‘debloat apps.’ Sophia Script gives you real control over Windows 11. Here’s how it works.

Windows 11 users often find system settings dispersed and many functionalities unconfigurable. The Sophia Script for Windows is an open-source PowerShell module designed to debloat and optimize Windows 10 and 11. It requires manual adjustments to select desired optimizations. To use the script, users must download it via PowerShell or from GitHub, extract files, and run the SophiaScriptWrapper.exe to import the Sophia.ps1 file. Users can customize functions and export a custom script before executing it. The script requires specific commands to run and may prompt users for selections during operation. Users can also run individual functions without modifying the entire script. The Sophia Script offers advanced control over privacy settings and system functions, appealing to power users who seek deeper customization beyond standard interfaces.

Winsage

March 1, 2026

Forget ‘debloat apps.’ Sophia Script gives you real control over Windows 11. Here’s how it works.

Windows 11 users often find system settings scattered, making configurations difficult to access. The Sophia Script for Windows is an open-source PowerShell module designed to debloat and optimize Windows 11 and 10. It requires manual modifications for customization and can be downloaded via PowerShell or from GitHub. Users must extract files, run the SophiaScriptWrapper.exe, and import the Sophia.ps1 file to customize and export their script. To execute the script, users must navigate to the script's directory in PowerShell, set execution policies, and run the customized script. Individual functions can also be executed by navigating to the script directory and using specific commands. The Sophia Script offers extensive control over system-level functions, allowing for deep customization of privacy settings and system behaviors, but may not be suitable for all users due to its complexity.