credentials Archives

AppWizard

March 21, 2026

Cyber actors linked to Russia target messaging app users, FBI warns

The United States has issued a warning about cyber actors linked to Russian intelligence targeting users of commercial messaging applications, particularly Signal, compromising thousands of accounts worldwide. The FBI and CISA released a public service announcement detailing the operation's focus on individuals of “high intelligence value,” including U.S. government officials, military personnel, political figures, and journalists. Attackers have not breached the encryption of these platforms but manipulate users into disclosing credentials or linking devices. Russian intelligence-linked actors often pose as official support accounts, creating urgency to obtain security codes. Dutch intelligence agencies also reported a similar campaign targeting Signal and WhatsApp accounts of dignitaries and military personnel. Users are urged to be cautious of suspicious messages and to avoid sharing personal information. Signal reaffirmed that its encryption remains intact, emphasizing that vulnerabilities arise from user behavior rather than technical flaws in the application itself.

Tech Optimizer

March 19, 2026

ClickFix Lures Power LeakNet’s Growing Ransomware Attack Chain

The ransomware group LeakNet has evolved its tactics, increasing its average targets from three per month and shifting from purchasing stolen network access to launching its own campaigns. They now use deceptive error screens and a new tool that executes malicious code in a computer's memory. Their strategy includes ClickFix lures, which compromise legitimate websites to display fake security checks, tricking users into executing malicious commands. This method broadens their victim reach and reduces costs. The Deno loader, part of this strategy, collects machine information and retrieves additional malicious code without leaving standard files, making detection difficult. After infiltrating a network, LeakNet checks for active user credentials and uses PsExec for lateral movement, employing Amazon S3 buckets for payload staging and data exfiltration. Defenders are advised to monitor for suspicious behavior rather than just known malicious files, focusing on unusual web commands and unexpected cloud storage connections.

AppWizard

March 19, 2026

ChatGPT Android App Hints At Sora Video Integration

OpenAI's generative video model, Sora, is likely to be integrated into the ChatGPT Android app, as indicated by discoveries in the beta version 1.2026.076. Testers found in-app text suggesting end-to-end video generation capabilities, allowing users to convert text and images into videos with dialogue, soundtracks, and customizable styles. The language used in the app is polished and consumer-ready, indicating a transition towards user-facing integration. Previous reports have indicated OpenAI's intention to incorporate Sora's video capabilities into ChatGPT, consolidating multimodal creation within a single platform. If integrated, users could transform text prompts and images into short videos, with options for voiceovers and music, facilitating easy sharing on social media. OpenAI's demonstrations have shown Sora's ability to create intricate 1080p videos, potentially redefining ChatGPT into a mobile video studio. The integration would likely handle intensive tasks in the cloud, with possible limitations on file size and resolution for free users. The integration of Sora into ChatGPT's Android app would provide access to a large user base, enhancing the mainstream adoption of AI video creation. The competitive landscape includes rivals like Runway and Google, all developing video capabilities. The introduction of mobile video generation raises challenges such as misinformation and copyright issues, prompting OpenAI to emphasize safety measures and content provenance strategies. While the beta strings do not confirm a launch date, features typically undergo final refinements late in development. Indicators to watch for include a new “Video” option in input modes and prompts for camera roll access. If Sora is launched in ChatGPT for Android, it will mark a significant shift for the app, making video creation an integral part of the user experience.

AppWizard

March 19, 2026

New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data

Cybersecurity researchers have identified a new family of Android malware called Perseus, designed for device takeovers and financial fraud. It utilizes Accessibility-based remote sessions for real-time monitoring and interaction with infected devices, particularly targeting Turkey and Italy. Perseus monitors user notes to extract personal or financial information and is distributed through dropper applications via phishing websites. It expands on the codebase of previous malware like Phoenix and employs disguises as IPTV services to reduce user suspicion. Once operational, it performs overlay attacks and captures keystrokes to steal credentials from financial applications. The malware allows operators to issue commands through a command-and-control panel, enabling various malicious actions, including capturing note content and initiating remote visual streams. Perseus also conducts environment checks to evade detection and ensure it operates on legitimate devices.

AppWizard

March 19, 2026

New Android malware hiding in streaming apps to spy on users’ personal notes

Researchers have discovered a sophisticated malware called Perseus that targets Android users by disguising itself within television streaming applications to steal sensitive information, including passwords and banking details. This malware, reported by ThreatFabric, primarily affects users in Turkey and Italy and is based on the leaked code of previous Android banking trojans, particularly Cerberus. Perseus masquerades as IPTV service apps, often downloaded from unofficial sources, and employs overlay attacks and keylogging techniques to capture user credentials. It specifically targets personal note-taking applications like Google Keep, Evernote, and Simple Notes to extract sensitive information stored within them. The malware landscape is evolving, with new threats like the banking trojan Herodotus and the Crocodilus variant, which can manipulate contact lists. Users are advised to be cautious when downloading applications from unofficial sources.

Winsage

March 18, 2026

Researchers Reveal ‘RegPwn,’ a Windows Registry Vulnerability That Granted SYSTEM Privileges

A Windows vulnerability named "RegPwn" (CVE-2026-24291) allows low-privileged users to elevate their access to full SYSTEM privileges. Discovered by the MDSec red team, it has been in use since January 2025 and was addressed in a recent Microsoft Patch Tuesday update. The vulnerability exploits the management of Windows accessibility features, which generate a registry key that grants full control to low-privileged users. When a user activates an accessibility tool, the configurations are copied into the local machine registry hive, which remains writable by the logged-in user. This creates an opportunity for manipulation, especially when user-controlled settings interact with the Windows Secure Desktop environment. An attacker can exploit this by modifying their user-level accessibility registry key and using an oplock on a system file, allowing them to replace the local machine registry key with a symbolic link to an arbitrary system registry key. This process operates under SYSTEM privileges, enabling the attacker to write arbitrary values to restricted areas of the Windows registry. MDSec demonstrated this technique to gain access to a SYSTEM-level command prompt. Microsoft has released security updates to address this vulnerability, and MDSec has made the exploit code available on GitHub for research purposes.

Winsage

March 17, 2026

Microsoft to Block Windows 11 and Server 2025 Automated Installation After Critical RCE Vulnerability

Microsoft is implementing a two-phase initiative to disable the hands-free deployment feature in Windows Deployment Services (WDS) due to a critical remote code execution vulnerability (CVE-2026-0386) identified on January 13, 2026. This vulnerability arises from improper access control related to the Unattend.xml file, which is transmitted over an unauthenticated RPC channel, allowing attackers on the same network segment to exploit it. Successful exploitation could grant SYSTEM-level privileges and compromise OS deployment images. The initiative includes: - Phase 1 (January 13, 2026): The hands-free deployment feature will remain operational but can be disabled. New Event Log alerts and registry key controls will be introduced to enforce secure practices. - Phase 2 (April 2026): The hands-free deployment feature will be completely disabled by default for administrators who have not modified registry settings. Administrators can temporarily re-enable the feature by setting AllowHandsFreeFunctionality = 1, but this is not secure. Recommendations include reviewing WDS configurations, applying security updates, setting registry keys for secure behavior, monitoring Event Viewer for alerts, and considering alternative deployment methods. Microsoft’s KB article 5074952 provides further guidance for impacted organizations.

AppWizard

March 16, 2026

Advanced Protection Mode in Android 17 prevents apps from misusing Accessibility Services

Android 17 has introduced Advanced Protection Mode (AAPM) to enhance user security by preventing non-accessibility applications from using the Accessibility API, which has been exploited by malware. AAPM allows only verified accessibility tools to utilize the API and implements stricter security settings, including blocking installations from unknown sources, limiting USB data access, and mandating Google Play Protect scans. Applications must declare themselves as accessibility tools with the attribute isAccessibilityTool="true" to use the Accessibility Services API. Additionally, Android 17 features a new contacts picker that allows applications to request access to specific contact fields instead of the entire address book, enhancing user privacy.

Tech Optimizer

March 16, 2026

How to Avoid Getting Scammed Online in 2026

The Qantas data breach highlights vulnerabilities in online information security. Regularly changing passwords every few months is recommended, and tools like Bitdefender’s Password Manager can help manage complex passwords. Users should be cautious of suspicious links and attachments, as hackers often use phishing tactics. Implementing two-factor authentication (2FA) adds an extra layer of security to accounts. Keeping devices updated is crucial for protecting against vulnerabilities. Investing in reliable antivirus software, such as Bitdefender Antivirus Plus or Bitdefender Ultimate Security, is essential for safeguarding personal data. Staying informed about cybersecurity measures is important to prevent data breaches.

Tech Optimizer

March 13, 2026

Norton 360 Hits One of Its Lowest Prices Ever

Norton 360 is currently offering a significant promotional discount, attracting consumers who may not typically engage with security software. The software has evolved from basic antivirus tools to comprehensive security bundles, addressing the needs of households with multiple connected devices. It includes features such as real-time malware detection, scam protection, a secure VPN, a password manager, dark web monitoring, cloud backup, and parental controls, all housed within a single dashboard. The scam detection system evaluates suspicious links and websites to prevent users from entering credentials on fraudulent sites. Norton 360 is particularly beneficial for individuals managing multiple devices, remote workers, families, and frequent travelers. The current discount is noteworthy due to increased competition in the cybersecurity industry, making the bundled offering more cost-effective than purchasing individual tools separately.