conduit Archives

AppWizard

March 25, 2026

Alert warns of cyber actors using Telegram messaging app to push malware

The FBI issued an alert on March 20 about a sophisticated cyber technique linked to the Iranian government, using the Telegram app to distribute malware globally. This has led to data breaches and reputational damage for many victims. The FBI provided recommendations for organizations and individuals to enhance cybersecurity, including staying informed about cyber threats, implementing security protocols, and educating employees on suspicious communications. Contacts for further insights at the AHA include John Riggi and Scott Gee, with resources available at aha.org/cybersecurity.

AppWizard

March 25, 2026

FBI warns of Russian, Iranian cyber activity involving messaging platforms

The FBI issued alerts regarding cyber campaigns by Russian and Iranian actors targeting messaging platforms. Russian intelligence services are reportedly infiltrating applications like Signal, leading to unauthorized access of thousands of accounts of U.S. government officials, military personnel, political figures, and journalists. Russian operatives are using phishing messages disguised as support notifications to trick users into providing verification codes or account PINs, potentially allowing attackers to take over accounts. Once compromised, attackers can access messages, contact lists, and launch further phishing attempts. The advisory emphasizes that while Signal is targeted, similar tactics can affect any messaging app. In a separate alert, the FBI highlighted Iran’s Ministry of Intelligence and Security (MOIS) using Telegram to distribute malware aimed at Iranian dissidents and journalists, enabling them to steal sensitive information. This malware often disguises itself as legitimate software and connects to Telegram bots for remote access and data exfiltration. The FBI linked these activities to the Handala Hack group, which claimed responsibility for a recent attack on medical device manufacturer Stryker. The malware can be introduced through social media by hackers posing as technical support. Experts note that the use of Telegram for cyber compromises is increasing, as it helps malicious actors avoid detection by blending their traffic with trusted platforms.

AppWizard

March 19, 2026

Russia says messaging app Telegram remains in breach of regulations

The state communications regulator Roskomnadzor reported that Telegram is not compliant with Russian laws, according to the state-run news agency RIA. Telegram has faced allegations from Russian officials of being used for illegal and extremist content, while the platform denies these accusations and claims the government is trying to push users to a state-controlled alternative called MAX.

Winsage

March 16, 2026

Microsoft has lost the plot: 5 Windows “features” nobody asked for

Windows 11 has faced criticism for design choices that prioritize corporate interests over user experience, including aggressive monetization strategies and privacy concerns. The Recall app was designed to take frequent screenshots of the desktop but functioned like a keylogger, leading to privacy issues. Initially set to be enabled by default on new Copilot+ PCs, backlash prompted Microsoft to make it an opt-in feature during setup, allowing users to uninstall it. Microsoft also introduced biometric encryption and moved screenshot processing to secure enclaves for data protection. The Start Menu has shifted to include third-party advertisements in the "Recommended" section, turning it into a platform for promotions rather than a personal navigation tool. Microsoft replaced the right Control or Menu key with a dedicated Copilot key, disrupting standard keyboard layouts and complicating workflows for users. Setting up a new PC now requires an active internet connection and a Microsoft account, making it difficult to operate without relinquishing digital identity. This change illustrates a shift towards subscription revenue and data collection. Windows 11 often ignores users' default browser choices, defaulting to Microsoft Edge and Bing for web searches initiated from the taskbar, reflecting a trend of prioritizing Microsoft's ecosystem over user autonomy. These developments indicate a strategy by Microsoft to erode user control, suggesting users are becoming products rather than customers as the company focuses on data collection and subscription services.

AppWizard

March 4, 2026

Minecraft 26.1 Snapshot 11

The shipping room is preparing for the 26.1 snapshot, which includes various refinements, technical adjustments, and bug fixes. Players may face an issue where minimizing the game in Fullscreen mode prevents it from being maximized again. Changes include aligned textures for adult and baby Rabbits, new sound variants for Pigs, head rotation for Baby Goats, and updated textures for Baby Hoglins and baby Pandas. The Master Librarian no longer offers Name Tags but now provides Red and Yellow Candles for three Emeralds each, while the Wandering Trader offers Name Tags for one Emerald. The trumpet note block sound assets have been updated, and the Data Pack version is now 100, with a Resource Pack version of 83. New features include a new block state provider and adjustments to block states for Banners and Signs. A new tag, #preventsnearbyleaf_decay, has been added, and various special model types have been introduced for items like Bells and Books. Block state rendering has been adjusted for consistency, and several bugs have been fixed, including issues with Endermen, dragon eggs, and various textures. Snapshots are available for Minecraft: Java Edition, with instructions for installation and backup provided.

Winsage

February 24, 2026

Windows 11 27H2: Microsoft splits the Canary channel – Is the big overhaul finally coming?

The software department in Redmond is preparing for a significant update named 27H2, set for 2027, aimed at addressing legacy issues from older Windows versions. The Windows Insider Program is currently testing the 28000 series, with a notable shift to the 29500 build series indicating a "platform lift" that includes enhancements to the kernel and hardware abstraction layer (HAL). Microsoft plans to phase out VBScript and WordPad, eliminate support for outdated printer driver architectures and certain legacy file systems, and adopt a "core OS" approach to optimize performance for AI technologies. This update is seen as a strategic retreat from the idea of "Windows 12," focusing on stability and a comprehensive overhaul of the underlying architecture while avoiding market fragmentation. However, there are concerns that substantial changes could render older hardware or specialized software obsolete.

Tech Optimizer

February 18, 2026

Fake Antivirus Program Threatens Android Phones and Steals Data – Jordan News | Latest News from Jordan, MENA

Cybersecurity experts have identified a malicious campaign targeting Android users through a counterfeit antivirus application called TrustBastion. This app serves as a vehicle for distributing malware that steals personal and banking information and provides attackers with remote access to infected devices. TrustBastion has been found on Hugging Face, complicating detection for users. The app masquerades as a legitimate security tool, prompting users to install a “necessary update” that contains malicious code. Once activated, the malware captures screenshots, displays fake login pages for financial services, and records sensitive information, which is sent to the hackers' servers. Attackers frequently re-upload modified versions of the app, maintaining its harmful functionality. Users are advised to download apps only from official stores, review ratings, and avoid untrusted APK files. Installing reputable antivirus solutions and activating Google Play Protect is recommended for enhanced security.

Winsage

February 17, 2026

Microsoft Just Patched a Major Security Vulnerability for This Popular Windows App

Recent developments in Notepad have revealed a vulnerability that allows attackers to execute arbitrary code on users' computers through malicious links in Markdown files. This issue arises from the integration of Markdown support, which enables easy formatting of plaintext documents. An attacker could trick a user into clicking a link that launches unverified protocols, leading to the execution of remote files. Microsoft has addressed this vulnerability in the February 2026 security update for Windows. Users can check for this update in the Settings app under "Windows Update." In 2025, Microsoft patched 1,129 bugs in Windows 11, reflecting an increase in vulnerabilities associated with the integration of AI features.

Tech Optimizer

February 1, 2026

When Digital Guardians Turn Rogue: Inside the eScaneS an Antivirus Supply Chain Attack That Exposed Millions

eScan, an antivirus solution, has become a conduit for a supply chain attack that may have affected millions of users through a compromised software update mechanism. The attack exploited eScan’s automatic update system, distributing malware via official channels that appeared legitimate, thus bypassing traditional security measures. Reports indicate that supply chain attacks have increased by over 300% in the past three years, with software update mechanisms being prime targets. The exact number of affected users is still under investigation, but the breach occurred over a limited period before detection. Enterprises using eScan now face vulnerabilities in their security infrastructure, prompting IT departments to conduct forensic analyses to determine if their networks were compromised. The breach raises concerns about digital security as users typically rely on antivirus solutions for protection. Researchers found that the malware used advanced techniques, including multi-stage deployment and polymorphic behavior to evade detection, indicating significant resources behind the attack. In response, eScan has initiated an incident response protocol, revoked compromised digital certificates, and added verification layers to its update system. However, restoring user trust will require transparency about the breach and preventive measures. The incident has led to widespread security audits across the antivirus sector and may accelerate the adoption of zero-trust security models. Regulatory inquiries are underway regarding eScan's data protection practices, and legal experts anticipate class-action lawsuits from affected users and enterprises. The breach highlights a trend where attackers target security infrastructure itself, making software distribution security a critical focus for cybersecurity professionals. Proposed solutions include blockchain-based verification systems and industry-wide standards for supply chain security. The eScan breach underscores that no organization is immune to sophisticated supply chain attacks, as compromising a security vendor can provide access to its entire customer base. Increased information sharing about supply chain threats is advocated to enhance collaboration within the security industry. Moving forward, eScan must balance technical remediation with transparent communication to rebuild trust, while users are advised to implement defense-in-depth strategies rather than relying solely on one security tool.

Tech Optimizer

January 30, 2026

When Digital Guardians Turn Rogue: Inside the Avast Antivirus Supply Chain Attack That Exposed Millions

Avast's automatic update system was compromised, allowing malicious code to be distributed through its official channels, affecting potentially millions of users. This breach is characterized as a sophisticated supply chain attack, which exploited the software update mechanism, making it difficult to detect as the malware appeared legitimate. Security analysts noted a 300% increase in supply chain attacks over the past three years, with this incident highlighting vulnerabilities in security solutions. Avast has initiated an incident response, revoked compromised digital certificates, and is collaborating with cybersecurity firms to address the breach. European regulators have begun inquiries into Avast's data protection measures, and legal experts anticipate class-action lawsuits from affected users. The incident underscores a trend of attackers targeting security infrastructure itself, prompting calls for improved software distribution security and industry-wide standards.