control

Winsage
February 11, 2026
Microsoft has introduced two initiatives to enhance user trust in the Windows operating system: Windows Baseline Security Mode and User Transparency and Consent. These initiatives focus on transparency in app and AI agent behaviors, allowing users to reverse decisions and limiting access to defined capabilities. Windows Baseline Security Mode will enforce runtime integrity safeguards, permitting only properly signed apps, services, and drivers to run, while allowing users and IT administrators to override these safeguards if necessary. User Transparency and Consent will prompt users when apps attempt to access sensitive resources or install additional software, providing clear and actionable options for users to review and modify their choices. The rollout will occur in Windows 11 through a phased approach, with potential implementation in the Windows Insider Program by mid-year, possibly aligning with a future Windows 11 version or Windows 12 release.
Winsage
February 11, 2026
Microsoft is enhancing the security of its Windows operating system through two initiatives: User Transparency and Consent, and Windows Baseline Security Mode. The User Transparency and Consent initiative will notify users when applications request access to sensitive resources and log every permission granted, allowing users to review and modify their choices. Applications and AI agents will adhere to higher transparency standards. Windows Baseline Security Mode will enable runtime integrity safeguards by default, allowing only properly signed applications, services, and drivers to run. Users and IT administrators can approve exceptions for specific applications. These updates are part of Microsoft’s Secure Future Initiative, which aims to help organizations prevent, manage, and recover from security incidents. The rollout will occur in phases, with collaboration from developers, enterprises, and partners to ensure a smooth transition.
Winsage
February 11, 2026
YouTuber Throaty Mumbo successfully ran Windows 98 on a smart toaster by disassembling the Revolution Cooking High-Speed Smart Toaster and using a Raspberry Pi 5 to emulate a late-1990s Pentium II PC. He created a custom program called “toast.exe” to facilitate communication between the Windows 98 interface and the toaster's hardware. The project resulted in a functional system that allows users to operate the toaster through a retro Windows 98 environment, complete with a 7-inch HDMI monitor and a 3D-printed shell designed to resemble a classic PC.
Winsage
February 11, 2026
The Global Group ransomware operates entirely in silent mode, executing all activities locally on the compromised system without relying on a command and control server. It generates the encryption key directly on the host machine and performs no actual data exfiltration, despite claims in its ransom note. This approach allows for quicker attacks, targeting a broader range of victims while reducing detection risk. The act of encryption alone can compel payment due to significant operational downtime for affected organizations.
AppWizard
February 10, 2026
Russian authorities imposed significant slowdowns on the Telegram messenger service, prompting concerns from Marie Struthers, Amnesty International's Eastern Europe and Central Asia Director. She argued that these actions restrict free communication rather than protect against online crime. Struthers noted a trend of increased state control over online communications in Russia, leading users to seek circumvention tools or less secure alternatives. On February 10, restrictions on access to Telegram were initiated by Roskomnadzor, resulting in widespread disruptions. In August 2025, Roskomnadzor limited voice and video calls on Telegram and WhatsApp due to their alleged use in criminal activities, followed by partial restrictions on these platforms. Other messaging services, such as Signal and Viber, have also been blocked. Additionally, Russian authorities promoted the domestically developed MAX messenger, raising concerns among human rights groups regarding its security and privacy.
Tech Optimizer
February 10, 2026
GuLoader, also known as CloudEye, is a downloader malware that has been active since late 2019, primarily used to fetch and install secondary malware like Remote Access Trojans (RATs) and information stealers. It employs legitimate cloud services such as Google Drive and Microsoft OneDrive to host its malicious payloads, allowing it to evade detection by security tools. GuLoader utilizes advanced techniques including polymorphic code, which alters its appearance to avoid static detection signatures, and exception-based control flow to confuse analysis tools. Over the years, GuLoader has refined its tactics, including the use of software breakpoints and various exception types to redirect its operations. It also employs dynamic XOR encryption to obfuscate internal data, making it difficult for analysts to extract URLs. The malware's continuous evolution poses ongoing challenges for security researchers. Indicators of Compromise (IOCs) include specific hash values for different versions of GuLoader from 2022 to 2024.
AppWizard
February 10, 2026
Google has issued a warning to Android users about Arsink, a dangerous Remote Access Trojan (RAT) capable of stealing personal information and taking control of infected devices. It spreads through apps that appear legitimate, often masquerading as "Mod" or "Premium" versions of popular applications. Arsink typically infiltrates devices via Telegram channels, Discord posts, third-party websites, and suspicious download links. Google has confirmed that no versions of Arsink are available on the Play Store and that devices with Google Play Protect enabled are automatically safeguarded against such threats. Google is also working with researchers to dismantle the infrastructure associated with this malware. To stay safe, users are advised to download apps only from the official Google Play Store, avoid 'Mod' or 'Premium' versions of apps, refrain from clicking on suspicious links, carefully check app permissions, keep Google Play Protect enabled, and regularly update their devices for security patches.
Winsage
February 10, 2026
The Global Group has shifted to a local execution strategy for ransomware, complicating detection and response efforts. Their infection process begins when a user opens a shortcut file with a double extension (e.g., “Document.doc.lnk”), which appears as a legitimate document due to Windows' default settings that hide file extensions. The shortcut icon mimics that of a Microsoft Word file. When executed, the .lnk file activates Windows utilities like cmd.exe and PowerShell to retrieve and execute the next-stage payload, effectively bypassing traditional security controls focused on malicious documents or executable attachments.