cybersecurity expert Archives

Tech Optimizer

May 4, 2026

Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha

Microsoft Defender mistakenly flagged legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, leading to their removal from Windows systems globally. This issue arose after a Defender signature update on April 30th, with affected certificates including 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 and DDFB16CD4931C973A2037D3FC83A4D7D775D05E4. The certificates were removed from the AuthRoot store under the Registry key HKLMSOFTWAREMicrosoftSystemCertificatesAuthRootCertificates. Microsoft has addressed the issue in Security Intelligence update version 1.449.430.0, which also restored the removed certificates. The false positives were linked to detections related to a recent DigiCert breach, where threat actors obtained valid code-signing certificates used for signing malware. DigiCert revoked 60 code-signing certificates, including those linked to the "Zhong Stealer" malware campaign. The malware utilized certificates issued to companies like Lenovo and Kingston, but the certificates flagged by Microsoft Defender are root certificates and do not correspond to the revoked code-signing certificates.

AppWizard

April 24, 2026

Another spyware maker caught distributing fake Android snooping apps

The Italian digital rights organization Osservatorio Nessuno has revealed a new malware called Morpheus, used by government agencies for surveillance. Morpheus is disguised as a phone updating application and can extract various data from targets' devices. The spyware is linked to IPS, an Italian firm specializing in lawful interception technologies, which claims to operate in over 20 countries. Morpheus is categorized as "low cost" due to its straightforward infection method, which involves tricking targets into installing the software. Authorities collaborated with the target's mobile service provider to obstruct data and send an SMS prompting the installation of the malware. Once installed, Morpheus exploits Android's accessibility features to access extensive information and masquerades as the WhatsApp application to solicit biometric data. The spyware's code contains Italian phrases and references to "Gomorra," indicating its connection to the Italian spyware industry. The attack is likely linked to political activism in Italy. IPS is among several Italian spyware manufacturers that have emerged following the decline of Hacking Team.

Winsage

April 16, 2026

Windows 11’s Recall tool has been cracked open again, and Microsoft doesn’t see that as a problem

Alexander Hagenah has developed a tool called TotalRecall Reloaded that exploits a vulnerability in Microsoft's AI feature, Recall, which manages data. Recall was designed to store AI-generated insights but was found to potentially store sensitive information in plain text, prompting Microsoft to delay its rollout. The vulnerability lies in AIXHost.exe, which lacks essential security measures, allowing unauthorized processes to extract sensitive data, such as decrypted screenshots and metadata, after user authentication via Windows Hello. Microsoft has downplayed the risks, asserting that existing security controls mitigate unauthorized access. TotalRecall Reloaded is available on GitHub for further exploration.

Tech Optimizer

April 2, 2026

Cybersecurity expert highlights mobile device vulnerabilities

Cybersecurity expert John Joyce emphasizes the vulnerabilities of mobile devices, noting that many users mistakenly believe their smartphones are secure. He highlights that smartphones often serve as primary computing devices, storing sensitive personal information, which makes them attractive targets for cybercriminals. Joyce advises users to look for signs of compromise, such as device slowdowns or unusual app behavior, and to keep their devices updated with the latest operating systems and security patches to reduce risks. He recommends using a Virtual Private Network (VPN) when on public Wi-Fi and suggests utilizing security apps like Norton and TotalAV for additional protection. Joyce also points individuals to Cirrus Technology Consultants' online resources for further information on mobile cybersecurity.

AppWizard

March 24, 2026

Russia pushes unencrypted Max messenger as WhatsApp, Telegram face restrictions

The Max messenger app, launched by VK in March 2025, has gained popularity in Russia, particularly as the government restricts messaging apps like WhatsApp and Telegram. The app combines messaging, social media, government services, digital identification, and banking. President Vladimir Putin supports it as a means to achieve "technological sovereignty," and a law designates Max as a "national multifunctional messenger." Digital Development Minister Maksut Shadayev has promoted Max, which is also featured prominently on state television. Although not mandatory, there is significant pressure on citizens to use it, with schools and corporations transitioning communications to Max. As of March, the app surpassed 100 million users and is on Russia's "white list" of digital services that remain operational during internet blackouts. Since September, it has been pre-installed on all phones and tablets sold in Russia, with the RuStore app store being mandatory for Apple devices. Max does not offer end-to-end encryption, and user data is stored on Russian servers, with policies allowing data sharing with authorities. Critics, including the Budushcheye political movement, express concerns about surveillance and the app's functionality as a "digital trap." Despite government assurances, disruptions on Telegram and WhatsApp have been reported, with limitations on calls initiated by the government citing non-cooperation from these foreign-owned services.

Tech Optimizer

February 19, 2026

The 5 Biggest Cybersecurity Threats to Watch in 2026: Is Your Business Safe From These Looming Dangers? – Travel And Tour World

In 2026, cybersecurity has evolved significantly, necessitating organizations to prioritize five critical threats identified by expert Danny Mitchell from Heimdal: 1. AI Vulnerabilities: Attackers can manipulate machine learning models by introducing corrupted data, leading to dangerous decisions by AI systems. 2. Cyber-Enabled Fraud and Phishing: Phishing attacks have become more sophisticated with AI, using deepfake technology to impersonate individuals and evade detection. 3. Supply Chain Attacks: Cybercriminals exploit vulnerabilities in software libraries and vendor relationships, compromising trusted software updates and access credentials. 4. Software Vulnerabilities: The rapid discovery of software vulnerabilities outpaces patching efforts, leaving systems exposed to attacks, especially legacy systems. 5. Ransomware Attacks: Modern ransomware employs double extortion tactics, encrypting and stealing data, pressuring businesses to comply with ransom demands. Mitchell recommends strategies such as auditing AI systems, implementing multi-channel verification, securing supply chains, prioritizing patch management, and developing ransomware response plans to combat these threats.

Winsage

February 11, 2026

Global Group ransomware gang running new campaign using Windows shortcut files

The Global Group ransomware operates entirely in silent mode, executing all activities locally on the compromised system without relying on a command and control server. It generates the encryption key directly on the host machine, resulting in no actual data exfiltration despite claims in its ransom note. This approach allows for quicker attacks, targeting a broader range of victims while reducing detection risk. The act of encryption alone can compel payment due to significant operational downtime for affected organizations.

Winsage

January 16, 2026

Easterly helms RSAC, Windows update problems, Police Copilot gaffe

Jen Easterly has been appointed as the new Chief Executive Officer of the RSA Conference. She is a cybersecurity expert and former Director of the Cybersecurity and Infrastructure Security Agency (CISA). Palo Alto Networks has released security updates for a vulnerability (CVE-2026-0227) with a CVSS score of 7.7 affecting its GlobalProtect Gateway and Portal, which can cause a denial-of-service condition in PAN-OS software. The January 2026 security update from Microsoft has caused connection and authentication failures in Azure Virtual Desktop and Windows 365, affecting users across various Windows versions. Microsoft is working on a resolution. The chief constable of West Midlands Police acknowledged an error by Microsoft’s Copilot AI in generating a fictional intelligence report. Microsoft has not confirmed Copilot's involvement. Britain’s National Cyber Security Centre (NCSC) has collaborated with Five Eyes partners to provide guidance on securing industrial operational technology, highlighting risks associated with remotely monitored systems. Kyowon, a South Korean conglomerate, confirmed a ransomware attack on January 10 that may have compromised customer information, affecting approximately 5.5 million members. Researchers at Varonis have identified a new attack technique called "Reprompt" that allows data exfiltration from Microsoft Copilot via a malicious link, exploiting a Parameter 2 Prompt (P2P) injection technique. Central Maine Healthcare is notifying over 145,000 patients about a data breach that compromised personal, treatment, and health insurance information, discovered on June 1.

AppWizard

December 30, 2025

Users confused by sudden terms of use update at Vietnam’s most popular messaging app Zalo

Thanh Hung, a sales employee in Ho Chi Minh City, was prompted to accept new terms of service on Zalo, a messaging platform, under the threat of account deletion. He accepted without reading the details due to urgency. Thanh Tuan from Hanoi also faced a similar situation, expressing concern over potential hidden clauses and opting to decline the new terms, risking account deletion in 45 days. Zalo, with over 80 million users, updated its terms on December 26, introducing a comprehensive user agreement and a separate agreement for its social network. Users can either accept all terms or decline specific services. The sudden notification has led to discussions among users, with some feeling pressured to agree. The update is seen as a response to the upcoming Law on Protection of Personal Data, which imposes penalties for violations. Key changes in the terms include a distinction between the messaging platform and the social network, a definition of "user content," and the introduction of Zalo ID for enhanced security. Zalo states that data collection serves its business operations.

Tech Optimizer

October 28, 2025

NordVPN revealed Americans’ false sense of online security with shocking Times Square ‘Talk to a hacker’ stunt

NordVPN launched an interactive billboard in Times Square as part of their "an antivirus is only half-protection" campaign, challenging the belief in the effectiveness of antivirus software. The campaign revealed that 73% of Americans incorrectly believe antivirus software protects them from identity theft and data breaches. Participants engaged with ethical hackers who demonstrated vulnerabilities, exposing personal information such as passwords and Social Security numbers. The campaign highlighted that over half of Americans trust antivirus software for online safety, yet many do not take precautions when using public Wi-Fi. Data breaches often expose contact information, leading to risks of phishing and identity theft. The billboard featured ethical hackers who provided insights on online safety, and NordVPN offers resources for checking data breaches and improving cybersecurity. NordVPN provides advanced security features and serves millions of users globally.