credentials Archives

Winsage

April 23, 2026

Engineering secure passkey sync in Microsoft Password Manager

Passkeys are a new form of authentication that replace traditional passwords, providing a phishing-resistant and streamlined sign-in process. Microsoft Password Manager allows users to save and synchronize passkeys across devices linked to their Microsoft accounts, enhancing accessibility. The architecture for passkey syncing includes confidential computing for sensitive operations, hardware-rooted key protection for encryption keys, tamper-evident recovery storage, and encrypted synchronization across devices. Sensitive passkey operations are executed in Azure's confidential computing environments, ensuring cryptographic materials are processed securely. The encryption keys are protected using Azure Managed HSM, with access governed by attestation-based mechanisms. Registration and recovery processes require user authentication and enforce security measures within confidential computing boundaries, including a lockout state after consecutive incorrect PIN attempts. The system aims to provide a secure and user-friendly experience as part of a transition to a passwordless future.

Tech Optimizer

April 23, 2026

Everywhen issues six checks to spot unsafe websites

Everywhen has released guidelines to help organizations identify unsafe websites and combat online fraud. The guidance includes six checks users can perform before visiting unfamiliar sites: 1. Utilize website safety checker tools like Google Safe Browsing and Norton Safe Web. 2. Verify the site contains standard business information, such as contact details and social media links. 3. Conduct reputation checks by reviewing public feedback for complaints related to fraud or poor service. 4. Evaluate visual and editorial standards for indicators of illegitimacy, such as poor grammar or outdated branding. 5. Maintain updated antivirus software to block malicious downloads and phishing attempts. 6. Adjust browser settings to receive alerts about suspicious websites. The guidance highlights the importance of scrutinizing URLs for unusual spellings or characters and distinguishes between HTTP and HTTPS, noting that the padlock symbol does not guarantee trustworthiness. The initiative aims to protect both consumers and organizations from cyber threats, particularly as fake websites increasingly target personal information and financial transactions.

Tech Optimizer

April 22, 2026

New STX RAT Uses Hidden Remote Desktop and Infostealer Features to Evade Detection

A newly identified remote access trojan, STX RAT, emerged in 2026, integrating hidden remote desktop access with credential theft features. The name "STX" comes from the Start of Text magic byte x02, which it appends to communications with its command-and-control (C2) server. Initial sightings were reported in late February 2026, when it was delivered via a browser-downloaded VBScript file to a financial organization. By early March, Malwarebytes noted a campaign distributing STX RAT through compromised FileZilla installers. Researchers from eSentire’s Threat Response Unit analyzed the malware, which includes extensive anti-analysis measures and employs techniques like AMSI-ghosting. Once operational, STX RAT connects to a C2 server at 95.216.51.236, transmitting system information securely. It targets saved credentials from applications like FileZilla and includes a Hidden Virtual Network Computing (HVNC) module, allowing attackers to control a victim's machine without detection. Security teams are advised to block the C2 IP and implement detection rules to mitigate the threat.

Tech Optimizer

April 21, 2026

Safeguarding Against the Personal Attack Chain in the Age of “Always On” Connectivity

The cybersecurity industry has focused on protecting corporate perimeters, but cybercriminals are increasingly targeting executives and their families, exploiting personal vulnerabilities. Executives are twelve times more likely to be targeted than average employees, with over half experiencing personal breaches. The Personal Attack Chain is a multi-stage process where attackers exploit an executive's personal digital footprint to gain access to corporate resources. The stages include reconnaissance, intrusion, lateral movement, and action on objectives. Reactive security measures are insufficient; proactive intelligence is necessary to identify threats before they reach organizations. Home security is often compromised by vendors, and travel increases vulnerability. Digital Executive Protection (DEP) is becoming essential for safeguarding executives and their families, balancing privacy, convenience, and security. Effective strategies include minimizing digital footprints, safeguarding devices and networks, providing identity theft protection, and educating executives on online safety. Personal cybersecurity is now a corporate imperative, requiring a holistic approach to protect individuals and organizations alike.

Tech Optimizer

April 21, 2026

Even trusted apps can infect your PC with malware now

Recent supply-chain attacks are increasingly targeting well-known software such as CCleaner, Steam games, and Notepad++, allowing hackers to distribute malware through legitimate updates. The introduction of artificial intelligence has accelerated the frequency and sophistication of these attacks, with hackers compromising developers or exploiting third-party tools to inject malicious code. Notepad++ was specifically affected by a supply-chain attack where a compromised third-party tool led to the distribution of tainted software. Attackers use various strategies, including hacking developers' credentials, purchasing access, or compromising tools relied upon by developers. Antivirus software is crucial for protecting users from malware, even from trusted sources, as modern solutions have minimal impact on system performance.

Tech Optimizer

April 21, 2026

This Is ‘Best Antivirus Software For 2026’—Microsoft Says

Microsoft has updated its guidance for over 500 million Windows 11 users, encouraging them to evaluate their security measures. The company asserts that Microsoft Defender, its built-in antivirus software, is adequate for most users, providing protection against potential risks from the moment the PC is powered on. While Microsoft acknowledges that its default protections are usually sufficient, it also notes that the decision to use third-party antivirus solutions depends on individual usage patterns and desired features. Users managing multiple devices, sharing devices with family, or seeking additional services like identity monitoring may consider third-party options. However, Microsoft warns that adding extra security tools can complicate system performance and incur unnecessary costs. The perception of built-in protection has evolved since the Windows XP and Windows 7 eras, with Windows 10 and 11 reinforcing the reliability of Microsoft Defender. Despite this, the guidance is not expected to significantly impact the third-party antivirus market, as testing has shown a variety of excellent options available for users looking to enhance their security.

Winsage

April 18, 2026

“A solid list from the community,” as Reddit users highlight 10 open‑source apps that run great on Windows 11 and deserve more attention

Open-source software is becoming increasingly popular among Windows 11 users for its control, privacy, and avoidance of subscription models. Key applications highlighted include: - Firefox: A recommended open-source browser known for its privacy, customization, and performance, with robust extension support and regular updates. - Bitwarden: An open-source password manager that offers encrypted vault syncing across devices, end-to-end encryption, and features like password generation and autofill. - OBS Studio: A standard tool for screen recording and live streaming, praised for its flexibility and hardware acceleration support on Windows 11. - LibreOffice: A comprehensive office suite that provides document, spreadsheet, and presentation tools without subscription fees, supporting common Microsoft Office file formats. - 7-Zip: A file compression utility recognized for its speed and efficiency, offering enhanced security features not present in Windows 11's built-in archive support. - LocalSend: A file transfer tool that allows secure transfers over a local network without needing accounts or cloud services. - GIMP: An open-source image editing tool regarded as an alternative to Photoshop, known for its flexibility and extensive customization options. - Blender: An advanced open-source application for 3D modeling, animation, and video editing, benefiting from strong GPU acceleration on Windows 11. - PowerToys: A suite of productivity utilities for Windows 11 that enhances core features with tools like FancyZones and PowerRename. These applications are favored for their ability to enhance the user experience while prioritizing control, transparency, and long-term usability.

AppWizard

April 17, 2026

New RecruitRat, SaferRat, Astrinox, Massiv Android Malware Found Targeting 800 Apps

Cybersecurity researchers from Zimperium zLabs have identified four families of Android malware—RecruitRat, SaferRat, Astrinox, and Massiv—targeting banking and cryptocurrency applications. These malware families can extract sensitive information from over 800 applications. They primarily use phishing and smishing to lure users into downloading malicious software. Phishing involves creating fake websites resembling legitimate login pages, while smishing uses urgent text messages with links to download harmful payloads. RecruitRat targets job seekers with fake employment websites, and SaferRat promises free access to premium video services. Astrinox mimics a business tool and has been linked to a fraudulent Apple App Store page, while Massiv's distribution methods remain unclear. Once installed, these malware applications initiate Overlay attacks, displaying counterfeit screens to capture user credentials. They also use a "blindfold" technique to obscure their activities by overlaying static images on the user's screen. The malware can intercept security codes, capture one-time passwords, and employ keylogging techniques. RecruitRat has a library of over 700 counterfeit login pages that activate with targeted apps. Researchers recommend avoiding links in urgent messages and downloading apps only from official sources.

AppWizard

April 17, 2026

This Android Setting Makes It Easy to Manage All Your App Permissions

In Android devices, users can manage app permissions through a privacy dashboard located in Settings > Security & Privacy > Privacy > Permission manager. This includes permissions for the camera, microphone, location, and more. Users can specify access levels for these features, including allowing access all the time, only while using the app, or not at all. Special permissions, which allow apps to modify system settings or access sensitive data, require particular attention and can be reviewed in Settings > Apps > Special app access. Caution is advised for apps from outside the Google Play Store, as they may pose greater risks. Regular audits of app permissions are recommended to ensure that apps do not have more access than necessary.

Winsage

April 16, 2026

Fake Proton VPN sites are pushing NWHStealer malware to Windows users

A malware campaign is utilizing counterfeit Proton VPN websites and other deceptive tactics to distribute a Windows infostealer known as NWHStealer. This malware extracts sensitive information, including browser credentials and cryptocurrency wallet details, and operates stealthily by injecting itself into legitimate processes. Two primary infection vectors have been identified: malicious ZIP archives on a free web hosting platform and trojanized installers from fake Proton VPN sites. The malware employs DLL hijacking and can exfiltrate data to a command-and-control server while ensuring persistence through scheduled tasks and disguising payloads as legitimate system processes. It also exploits the Windows cmstp.exe utility to bypass User Account Control. Users are advised to avoid downloading software from unofficial sources and to verify file signatures and publisher information.