cybersecurity experts Archives

Winsage

June 3, 2026

Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes

Cybersecurity researchers have identified an unpatched vulnerability that could expose NTLMv2 hashes to attackers, linked to the "search:" URI handler. This issue is similar to CVE-2026-33829, which involved a spoofing vulnerability in the Windows Snipping Tool's ms-screensketch: URI handler. The flaw allows attackers to trick users into connecting to their SMB servers, disclosing NTLMv2 hashes for authentication exploitation. The new vulnerability operates using "search:" and "crumb=location:" parameters, resulting in a similar Net-NTLMv2 leak. Microsoft has chosen not to address this issue, stating only vulnerabilities classified as Important or Critical would be fixed. Recommendations to mitigate risks include blocking outbound SMB traffic, enforcing SMB signing, and disabling NTLM authentication where possible.

Tech Optimizer

June 3, 2026

Endpoint Security Statistics By Market Share And Insights (2026)

Endpoints are critical computing devices connected to networks, including personal computers, tablets, smartphones, and smart appliances, and are often targeted in cyberattacks. Robust endpoint security is essential, especially in business environments with sensitive data. Endpoint protection solutions include antivirus software, endpoint detection and response (EDR) systems, and multi-factor authentication. - 81% of businesses have faced malware-related attacks. - 59% of ransomware incidents compromise data stored in public cloud environments. - In 2023, the average cost associated with breach detection and escalation reached USD 1.58 million. - 97% of executives access work accounts via personal devices. - During Q3 2024, malware detections at endpoints surged by 300%. - 13% of employees reported being victims of phishing attacks while working remotely. - 70% of employees using ChatGPT in the workplace do so without informing their employers. - 68% of companies have reported at least one successful endpoint attack that compromised their data or IT infrastructure. - 55% of professionals consider smartphones among the most vulnerable endpoints. - 47% of organizations monitor their networks around the clock. - The global financial impact of cybercrime is projected to exceed .5 trillion annually by 2025. - In 2021, 53% of organizations experienced successful ransomware attacks, marking a 148% increase from 2020. - Paying a ransom can double the total cost of a ransomware incident. - 40% of organizations delay patch rollouts to avoid potential conflicts. - 67% of IT professionals believe that Bring Your Own Device (BYOD) policies have weakened their organization's security posture. - 69% of Chief Information Security Officers (CISOs) expected at least one ransomware attack in 2022. - Only 50% of organizations encrypt sensitive data on their devices. - Organizations with a high number of remote workers face the greatest risks regarding endpoint security threats. - The endpoint security market is anticipated to grow from USD 13.37 billion in 2023 to USD 31.2 billion by 2032, with a compound annual growth rate (CAGR) of 12.1%. - Approximately 70% of companies plan to increase their investment in endpoint security solutions over the next two years. - The average financial impact of a data breach is estimated at around USD 4.88 million. - In 2023, the highest costs related to breaches were linked to detection and escalation, averaging USD 1.58 million. - As of 2024, the United States has the highest average cost of data breaches globally at USD 9.36 million. - A significant breach affecting 50 to 60 million records in 2024 is expected to cost USD 375 million. - Organizations facing compliance challenges typically incur an average breach cost of USD 5.05 million. - 40% of organizations admit to postponing patch implementations to avoid potential conflicts. - 92% of remote employees report using personal smartphones or tablets for work tasks. - 80% of executives are inclined to send work-related messages from personal devices. - 80-90% of successful ransomware attacks originate from unmanaged devices. - 62% of cybersecurity experts cite data loss and leaks as their primary concerns regarding BYOD policies. - 36% of employees using personal devices for work admit to delaying security updates. - 71% of employees store sensitive work passwords on personal phones. - 67% of organizations work with multiple vendors for management and security across various device types. - Only 42% of surveyed companies have a solution to proactively identify sensitive data on employee devices. - 38% of employees state that their employer lacks BYOD policies, or that existing policies are often disregarded. - There was a 300% increase in malware detections at endpoints during Q3 2024. - In 2024, a data breach involving Twilio compromised 33 million phone numbers linked to Authy accounts. - 90% of successful cyberattacks and up to 70% of data breaches originate from endpoint devices. - 54% of security experts reported that over 20% of their total endpoints were unmanaged. - 67% of Managed Service Providers (MSPs) faced AI-driven threats in the past year. - Among HR professionals who offboarded employees in the last year, 71% reported that at least one employee failed to return company-owned devices. - 65% of employees indicated they often bypass organizational security protocols to enhance productivity. - Over 90% of security incidents related to lost or stolen devices lead to unauthorized data breaches. - 13% of employees admit to being victims of phishing attacks while working remotely. - 63% of companies may have former employees retaining access to organizational data. - 62% of employees acknowledged transferring company intellectual property to personal devices. - 59% of stolen company-owned devices contained sensitive information. - Gartner estimates that shadow IT accounts for 30-40% of IT expenditures in large organizations. - 80% of employees engage in shadow IT activities. - 76% of small and medium-sized businesses (SMBs) believe shadow IT poses a security risk. - 58% of SMBs have encountered significant shadow IT initiatives without the knowledge of their official IT departments. - 30% of IT leaders cite information security as the primary challenge to adopting BYOD policies. - The prevalence of shadow IT has surged by 59% due to remote work. - 70% of employees using ChatGPT in the workplace do so without employer knowledge. - 32% of remote and hybrid employees use applications or software not sanctioned by IT. - 59% of organizations have experienced data loss due to cloud-based shadow IT. - ChatGPT is the most frequently used unauthorized application among employees. - By 2027, it is projected that 75% of employees will acquire, modify, or create technology beyond IT's visibility. - The trend of paying ransoms has increased; over 47.8% of companies chose to pay in Q3, rising to 59.6% in Q4. - Tanium raised USD 300 million in Series G funding, resulting in a valuation of USD 9 billion. - Cybereason secured USD 275 million in Series F funding. - SentinelOne acquired Attivo Networks in a transaction valued at USD 616 million.

Winsage

June 1, 2026

Windows Server vulnerability can grant system privileges with just a malformed packet — domain controllers are being exploited in the wild

Microsoft is facing scrutiny due to a critical remote execution vulnerability, CVE-2026-41089, rated at 9.8, affecting Windows Server domain controllers from version 2012 onward. This vulnerability allows unauthenticated users on the same network to send malformed UDP packets to a domain controller, potentially granting unauthorized system access or causing a reboot, leading to denial-of-service scenarios. The vulnerable service is Netlogon, and there are no immediate mitigations available; patches will be released on May 12. The vulnerability could allow attackers to create multiple accounts with various access levels, compromising the security of entire networks. Cybersecurity experts recommend patching all linked domain controllers simultaneously. The vulnerability is caused by a buffer overflow in the Netlogon service due to a field in a network packet exceeding its expected size. A GitHub repository exists with proof-of-concept code that can crash the LSASS service. Additionally, Microsoft is in conflict with security researcher Chaotic Eclipse, who has published zero-day exploits following a breakdown in negotiations.

AppWizard

May 25, 2026

Over 200 Fake Android Apps Are Quietly Stealing Money From Phone Bills

Zimperium identified a sophisticated malware campaign that exploited nearly 250 Android applications, posing as popular games and social media platforms. The malware ensnared users into premium subscription services without consent, using techniques like JavaScript injection and interception of one-time passwords. The campaign primarily targeted users in Malaysia, Romania, Thailand, and Croatia, with the malware capable of reading SIM cards and activating for specific mobile carriers. Zimperium first detected the scam in March 2025 and monitored it until at least January 2026. Google stated that none of the compromised applications were available on its app store and emphasized that Android users are protected by Google Play Protect. The hackers deployed three malware variants, with the first using an automated subscription engine, the second targeting users in Thailand with premium SMS messages, and the third combining SMS fraud with real-time notifications to attackers via Telegram. The campaign primarily affected Malaysian SIM card users, with significant activity also in Thailand and Romania. Despite the campaign's last known activity in January, parts of its infrastructure remain operational. The attacks highlight vulnerabilities in application security and the challenges of policing app downloads from third-party marketplaces.

Winsage

May 23, 2026

Microsoft Windows Дефендер тизимидаги хавфли заифликларни бартараф этди

Microsoft has identified two significant vulnerabilities in Windows Defender, specifically related to the Malware Protection Engine, which could allow denial-of-service attacks. These vulnerabilities could destabilize the security mechanism of Windows. Microsoft has released patches in versions 1.1.26040.8 and 4.18.26040.7 of the Malware Protection Engine to address these issues. Users with automatic updates enabled will receive these patches without further action, but it is recommended that users manually check for updates in the Windows Security settings. There is currently no evidence that these vulnerabilities have been exploited in real-world scenarios.

AppWizard

May 19, 2026

Steam Game Sparks Controversy for Planting Malware on Users’ PCs

'Beyond the Dark' is an indie game released for free on Steam on December 29, 2024, which was identified as an 'asset flip' by tech YouTuber Eric Parker. The game was found to contain malware hidden in a DLL file that targets users' cryptocurrency wallet information and Roblox account credentials. This incident follows a similar case in September 2025 involving a game called 'Blockbusters,' which also distributed malware. Following the exposé, Valve removed 'Beyond the Dark' from its platform within a day.

AppWizard

May 8, 2026

Messenger is the most invasive app, research says

Recent research from Surfshark indicates that Meta's Messenger app collects 32 out of 35 possible data types, making it the "most data-hungry messaging app." Following Meta's decision to disable end-to-end encryption for Instagram direct messages on May 8, 2026, user privacy is compromised, allowing Meta access to message content. Cybersecurity experts express concerns about the implications of this change and highlight that users provide valuable data to the company. In contrast, WhatsApp continues to offer end-to-end encryption. Surfshark also notes that 90% of messaging apps now incorporate AI features, raising privacy concerns regarding user data sharing. For privacy-conscious users, Signal is ranked as a top alternative due to its minimal data collection and strong encryption. A VPN, or Virtual Private Network, is highlighted as a tool for enhancing online privacy and security.

Winsage

May 5, 2026

Defender yanks root certs as Windows updates blocks backups

Microsoft's Defender anti-malware tool update version 1.449.425.0 removed two DigiCert root digital certificates, leading to false positives that flagged them as severe malware (Trojan:Win32/Cerdigent.A!dha). This incident was later identified as a false positive, and updating to version 1.449.430.0 or later reinstates the certificates. The issue may be linked to a DigiCert employee encountering disguised malware. Additionally, Windows updates from April 14 caused third-party backup applications to malfunction due to the addition of vulnerable psmounterex.sys kernel driver versions to a blocklist. Users experienced difficulties with mounting backup image files, and Microsoft referenced a vulnerability rated 9.3 out of 10 in the driver. Other affected software includes Acronis Cyber Protect Cloud and UrBackup server. Microsoft has not explained the delay in adding the vulnerable driver to the blocklist, and other recent update-related issues have also been reported.

Winsage

May 4, 2026

Microsoft Confirms Critical Windows Update Error Disrupting Global Systems

Microsoft has confirmed a critical bug in its latest cumulative update, affecting millions of Windows 10 and Windows 11 users. The issue leads to a "Restart and Shut Down" loop, preventing users from completing the update and locking them out of their devices. This disruption is particularly severe for corporate IT departments, with reports of entire office networks being paralyzed. The problematic update, identified as KB5037853, was meant to address security vulnerabilities but has caused systems to display an endless "Update and Restart" message. Some users experience a "Blue Screen of Death" (BSOD) and may be forced into "Recovery Mode." Microsoft is working on a "Known Issue Rollback" (KIR) to automatically undo the problematic code for consumer machines, while enterprise users may require manual intervention. The downtime is projected to result in significant financial losses, with large enterprises potentially losing up to ,600 per minute of unplanned downtime. Affected versions include Windows 11 22H2, 23H2, and Windows 10 22H2. Symptoms include failure to shut down, BSOD on boot, and missing Start menu icons. The estimated downtime ranges from 4 to 12 hours, depending on IT response speed. Critics have raised concerns about Microsoft's development process, suggesting it places users in the role of beta testers.

AppWizard

April 30, 2026

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

A Brazilian cybercriminal group known as LofyGang has re-emerged after three years, targeting Minecraft players with malware called LofyStealer, also known as GrabBot. This malware is disguised as a Minecraft hack named 'Slinky' and uses the official game icon to attract young users. The group has been active since late 2021 and previously leaked thousands of Minecraft accounts. The attack begins with the 'Slinky' hack, which deploys LofyStealer (identified as "chromelevator.exe") to harvest sensitive information from web browsers, including cookies, passwords, and credit card information, sending this data to a command-and-control server. ZenoX reports a shift in LofyGang's tactics from JavaScript supply chain attacks to a malware-as-a-service model, offering both free and premium tiers. Cybercriminals are increasingly exploiting trusted platforms like GitHub to distribute malware through bogus repositories and various deceptive tactics, including fake security alerts and counterfeit accounts. This trend highlights a strategy focused on volume targeting rather than precision, prompting cybersecurity experts to prioritize threats from GitHub-hosted downloads that appear legitimate.