credentials Archives

Tech Optimizer

April 26, 2026

CanisterSprawl: pgserve Compromised on npm: Malicious Versions Harvest Credentials and Exfiltrate to a Decentralized ICP Canister

On April 21, 2026, compromised versions of pgserve (1.1.11, 1.1.12, and 1.1.13) were published on npm, containing a 1,143-line credential-harvesting script that executes during the postinstall phase of npm install. The malware functions as a supply-chain worm, reinjecting itself into other packages if it finds an npm publish token. Stolen credentials are encrypted using RSA-4096 and AES-256 and exfiltrated to a decentralized Internet Computer Protocol (ICP) canister. The last legitimate release was v1.1.10, published on April 17, 2026. The malware was detected by StepSecurity AI Package Analyst and Harden Runner, which flagged the compromised versions as Critical / Rejected and confirmed live exfiltration during analysis. The injected script performs operations such as harvesting environment variables, collecting filesystem secrets, encrypting payloads, and propagating to other npm packages and Python packages if a PyPI token is detected. The exfiltration domains have been added to a global block list.

Winsage

April 24, 2026

Microsoft to roll out Entra passkeys on Windows in late April

Microsoft will introduce passkey support for phishing-resistant passwordless authentication on Microsoft Entra-protected resources starting in late April, with broader availability expected by mid-June 2026. This feature will allow passwordless sign-in on unmanaged Windows devices and will support various device types, including corporate, personal, and shared options. Administrators can manage passkeys through Conditional Access and Authentication Methods policies. Users can create device-bound passkeys stored securely within the Windows Hello container, using methods like facial recognition, fingerprint scanning, or a PIN. The passkeys will adhere to FIDO2 standards and will be securely bound to individual devices, preventing transmission over the network to enhance security against phishing and malware attacks. Microsoft has also announced plans for mandatory multifactor authentication registration for Entra tenants by October 2024 and that all new accounts will be passwordless by default starting in May 2025.

AppWizard

April 24, 2026

Google Adds Verified Email Feature to Simplify Android App Logins

Google has introduced a verified email feature for Android applications, accessible through the Credential Manager API. This feature allows apps to retrieve a user's verified email directly from their device, improving the login and account creation processes by eliminating the need for one-time passwords (OTPs) and email verification links. Users receive a system-level prompt to share their verified email with a simple tap, enhancing the user experience by reducing interruptions. The feature also benefits developers by simplifying verification systems and potentially decreasing user drop-off rates during registration. Currently, it supports Google accounts, with plans to include other identity providers in the future. Google advises developers to continue using traditional verification methods for non-Google accounts to ensure compatibility.

AppWizard

April 24, 2026

Google rolls out verified email feature for Android apps, removing need for OTPs

Google has introduced a verified email feature for Android applications via its Credential Manager API, allowing users to access their verified email addresses directly from their devices without traditional verification steps like OTPs or email links. Users receive a system-level prompt to share their verified email with a single tap, improving the user experience by eliminating the need to switch between apps. This feature simplifies the onboarding process for developers, reducing user drop-offs during registration and potentially improving conversion rates. Currently, it supports consumer Google Accounts, with plans for broader adoption pending support from other credential issuers. The system is intended for various use cases, including account creation, re-authentication, and recovery, while maintaining existing verification methods for non-Google accounts. This initiative is part of Google's effort to enhance authentication integration into the operating system and reduce reliance on passwords and multi-step verification.

Winsage

April 23, 2026

Engineering secure passkey sync in Microsoft Password Manager

Passkeys are a new form of authentication that replace traditional passwords, providing a phishing-resistant and streamlined sign-in process. Microsoft Password Manager allows users to save and synchronize passkeys across devices linked to their Microsoft accounts, enhancing accessibility. The architecture for passkey syncing includes confidential computing for sensitive operations, hardware-rooted key protection for encryption keys, tamper-evident recovery storage, and encrypted synchronization across devices. Sensitive passkey operations are executed in Azure's confidential computing environments, ensuring cryptographic materials are processed securely. The encryption keys are protected using Azure Managed HSM, with access governed by attestation-based mechanisms. Registration and recovery processes require user authentication and enforce security measures within confidential computing boundaries, including a lockout state after consecutive incorrect PIN attempts. The system aims to provide a secure and user-friendly experience as part of a transition to a passwordless future.

Tech Optimizer

April 23, 2026

Everywhen issues six checks to spot unsafe websites

Everywhen has released guidelines to help organizations identify unsafe websites and combat online fraud. The guidance includes six checks users can perform before visiting unfamiliar sites: 1. Utilize website safety checker tools like Google Safe Browsing and Norton Safe Web. 2. Verify the site contains standard business information, such as contact details and social media links. 3. Conduct reputation checks by reviewing public feedback for complaints related to fraud or poor service. 4. Evaluate visual and editorial standards for indicators of illegitimacy, such as poor grammar or outdated branding. 5. Maintain updated antivirus software to block malicious downloads and phishing attempts. 6. Adjust browser settings to receive alerts about suspicious websites. The guidance highlights the importance of scrutinizing URLs for unusual spellings or characters and distinguishes between HTTP and HTTPS, noting that the padlock symbol does not guarantee trustworthiness. The initiative aims to protect both consumers and organizations from cyber threats, particularly as fake websites increasingly target personal information and financial transactions.

Tech Optimizer

April 22, 2026

New STX RAT Uses Hidden Remote Desktop and Infostealer Features to Evade Detection

A newly identified remote access trojan, STX RAT, emerged in 2026, integrating hidden remote desktop access with credential theft features. The name "STX" comes from the Start of Text magic byte x02, which it appends to communications with its command-and-control (C2) server. Initial sightings were reported in late February 2026, when it was delivered via a browser-downloaded VBScript file to a financial organization. By early March, Malwarebytes noted a campaign distributing STX RAT through compromised FileZilla installers. Researchers from eSentire’s Threat Response Unit analyzed the malware, which includes extensive anti-analysis measures and employs techniques like AMSI-ghosting. Once operational, STX RAT connects to a C2 server at 95.216.51.236, transmitting system information securely. It targets saved credentials from applications like FileZilla and includes a Hidden Virtual Network Computing (HVNC) module, allowing attackers to control a victim's machine without detection. Security teams are advised to block the C2 IP and implement detection rules to mitigate the threat.

Tech Optimizer

April 21, 2026

Safeguarding Against the Personal Attack Chain in the Age of “Always On” Connectivity

The cybersecurity industry has focused on protecting corporate perimeters, but cybercriminals are increasingly targeting executives and their families, exploiting personal vulnerabilities. Executives are twelve times more likely to be targeted than average employees, with over half experiencing personal breaches. The Personal Attack Chain is a multi-stage process where attackers exploit an executive's personal digital footprint to gain access to corporate resources. The stages include reconnaissance, intrusion, lateral movement, and action on objectives. Reactive security measures are insufficient; proactive intelligence is necessary to identify threats before they reach organizations. Home security is often compromised by vendors, and travel increases vulnerability. Digital Executive Protection (DEP) is becoming essential for safeguarding executives and their families, balancing privacy, convenience, and security. Effective strategies include minimizing digital footprints, safeguarding devices and networks, providing identity theft protection, and educating executives on online safety. Personal cybersecurity is now a corporate imperative, requiring a holistic approach to protect individuals and organizations alike.

Tech Optimizer

April 21, 2026

Even trusted apps can infect your PC with malware now

Recent supply-chain attacks are increasingly targeting well-known software such as CCleaner, Steam games, and Notepad++, allowing hackers to distribute malware through legitimate updates. The introduction of artificial intelligence has accelerated the frequency and sophistication of these attacks, with hackers compromising developers or exploiting third-party tools to inject malicious code. Notepad++ was specifically affected by a supply-chain attack where a compromised third-party tool led to the distribution of tainted software. Attackers use various strategies, including hacking developers' credentials, purchasing access, or compromising tools relied upon by developers. Antivirus software is crucial for protecting users from malware, even from trusted sources, as modern solutions have minimal impact on system performance.

Tech Optimizer

April 21, 2026

This Is ‘Best Antivirus Software For 2026’—Microsoft Says

Microsoft has updated its guidance for over 500 million Windows 11 users, encouraging them to evaluate their security measures. The company asserts that Microsoft Defender, its built-in antivirus software, is adequate for most users, providing protection against potential risks from the moment the PC is powered on. While Microsoft acknowledges that its default protections are usually sufficient, it also notes that the decision to use third-party antivirus solutions depends on individual usage patterns and desired features. Users managing multiple devices, sharing devices with family, or seeking additional services like identity monitoring may consider third-party options. However, Microsoft warns that adding extra security tools can complicate system performance and incur unnecessary costs. The perception of built-in protection has evolved since the Windows XP and Windows 7 eras, with Windows 10 and 11 reinforcing the reliability of Microsoft Defender. Despite this, the guidance is not expected to significantly impact the third-party antivirus market, as testing has shown a variety of excellent options available for users looking to enhance their security.