cybersecurity experts Archives

AppWizard

May 8, 2026

Messenger is the most invasive app, research says

Recent research from Surfshark indicates that Meta's Messenger app collects 32 out of 35 possible data types, making it the "most data-hungry messaging app." Following Meta's decision to disable end-to-end encryption for Instagram direct messages on May 8, 2026, user privacy is compromised, allowing Meta access to message content. Cybersecurity experts express concerns about the implications of this change and highlight that users provide valuable data to the company. In contrast, WhatsApp continues to offer end-to-end encryption. Surfshark also notes that 90% of messaging apps now incorporate AI features, raising privacy concerns regarding user data sharing. For privacy-conscious users, Signal is ranked as a top alternative due to its minimal data collection and strong encryption. A VPN, or Virtual Private Network, is highlighted as a tool for enhancing online privacy and security.

Winsage

May 5, 2026

Defender yanks root certs as Windows updates blocks backups

Microsoft's Defender anti-malware tool update version 1.449.425.0 removed two DigiCert root digital certificates, leading to false positives that flagged them as severe malware (Trojan:Win32/Cerdigent.A!dha). This incident was later identified as a false positive, and updating to version 1.449.430.0 or later reinstates the certificates. The issue may be linked to a DigiCert employee encountering disguised malware. Additionally, Windows updates from April 14 caused third-party backup applications to malfunction due to the addition of vulnerable psmounterex.sys kernel driver versions to a blocklist. Users experienced difficulties with mounting backup image files, and Microsoft referenced a vulnerability rated 9.3 out of 10 in the driver. Other affected software includes Acronis Cyber Protect Cloud and UrBackup server. Microsoft has not explained the delay in adding the vulnerable driver to the blocklist, and other recent update-related issues have also been reported.

Winsage

May 4, 2026

Microsoft Confirms Critical Windows Update Error Disrupting Global Systems

Microsoft has confirmed a critical bug in its latest cumulative update, affecting millions of Windows 10 and Windows 11 users. The issue leads to a "Restart and Shut Down" loop, preventing users from completing the update and locking them out of their devices. This disruption is particularly severe for corporate IT departments, with reports of entire office networks being paralyzed. The problematic update, identified as KB5037853, was meant to address security vulnerabilities but has caused systems to display an endless "Update and Restart" message. Some users experience a "Blue Screen of Death" (BSOD) and may be forced into "Recovery Mode." Microsoft is working on a "Known Issue Rollback" (KIR) to automatically undo the problematic code for consumer machines, while enterprise users may require manual intervention. The downtime is projected to result in significant financial losses, with large enterprises potentially losing up to ,600 per minute of unplanned downtime. Affected versions include Windows 11 22H2, 23H2, and Windows 10 22H2. Symptoms include failure to shut down, BSOD on boot, and missing Start menu icons. The estimated downtime ranges from 4 to 12 hours, depending on IT response speed. Critics have raised concerns about Microsoft's development process, suggesting it places users in the role of beta testers.

AppWizard

April 30, 2026

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

A Brazilian cybercriminal group known as LofyGang has re-emerged after three years, targeting Minecraft players with malware called LofyStealer, also known as GrabBot. This malware is disguised as a Minecraft hack named 'Slinky' and uses the official game icon to attract young users. The group has been active since late 2021 and previously leaked thousands of Minecraft accounts. The attack begins with the 'Slinky' hack, which deploys LofyStealer (identified as "chromelevator.exe") to harvest sensitive information from web browsers, including cookies, passwords, and credit card information, sending this data to a command-and-control server. ZenoX reports a shift in LofyGang's tactics from JavaScript supply chain attacks to a malware-as-a-service model, offering both free and premium tiers. Cybercriminals are increasingly exploiting trusted platforms like GitHub to distribute malware through bogus repositories and various deceptive tactics, including fake security alerts and counterfeit accounts. This trend highlights a strategy focused on volume targeting rather than precision, prompting cybersecurity experts to prioritize threats from GitHub-hosted downloads that appear legitimate.

Winsage

April 28, 2026

‘Unlimited Attack Vectors’—All Windows Versions At Risk From New Flaw

Microsoft is facing a significant security vulnerability in its Windows operating system known as PhantomRPC, which allows for privilege escalation. Cybersecurity experts have expressed concern over the company's delayed response in issuing a patch for this flaw. The vulnerability resides within the Windows Remote Procedure Call (RPC) architecture and enables processes with impersonation privileges to elevate their permissions to SYSTEM level. Researcher Haidar Kabibo identified five distinct paths for exploitation, which require user interaction, coercion, or compromise of background services. Despite disclosing the vulnerability to Microsoft in September 2025, the company categorized it as moderately severe and did not issue a patch or a Common Vulnerabilities and Exposures (CVE) listing. Microsoft stated that the technique requires an already-compromised machine and emphasized the importance of following security best practices. Experts have criticized Microsoft's lack of action, arguing that it is operationally negligent and places the burden of risk management on users. In the absence of a patch, security professionals recommend focusing on access control and environmental hygiene to mitigate the risks associated with the vulnerability.

Winsage

April 20, 2026

“The vault is solid, the delivery truck is not” — strong key storage, shaky transfer: why this Windows Recall feature raises new security questions

Windows Recall, an AI-driven tool by Microsoft designed to capture and analyze users' screen content, was initially unveiled in 2024 but faced a delayed rollout due to significant security concerns. It launched in April 2025 with enhanced security features, including isolation within a "VBS Enclave" to protect against third-party access and filtering out sensitive information. However, security researcher Alexander Hagenah identified a flaw where data is transmitted to a less secure process, d AIXHost.exe, allowing tools like TotalRecall Reloaded to access sensitive data without administrative privileges. Despite reporting this vulnerability, Microsoft deemed it "not a vulnerability" and has not planned significant fixes. In response to user backlash, Microsoft is reassessing its AI initiatives, including Windows Recall, while privacy-focused organizations have introduced features to block the tool. Experts are calling for improved security protocols and user opt-out options.

Winsage

April 19, 2026

Windows Defender Security Flaws Actively Exploited by Hackers

Three vulnerabilities in Microsoft Defender, known as BlueHammer (CVE-2026-33825), RedSun, and UnDefend, are being actively exploited by hackers. BlueHammer has been patched, while RedSun and UnDefend remain unpatched. The public release of exploit code has accelerated real-world attacks, affecting Windows 10, Windows 11, and Windows Server systems. Attackers have begun exploiting these vulnerabilities, leading to concerns about privilege escalation, disruption of security updates, and the rapid spread of attacks.

Winsage

April 16, 2026

There’s No Saving Windows 11. It’s Time for Windows 12

Windows 11 has faced user frustration due to its cluttered interface and the addition of Copilot AI features, leading to questions about its viability. Recent updates allow users to skip installations during initial setup and offer enhanced taskbar customization. Microsoft is committed to improving Copilot integration, but performance issues and bugs persist. The Recall feature has raised privacy concerns, as it can expose sensitive information, with a researcher demonstrating a way to bypass security measures. The 25H2 update has been plagued by bugs, and users have noted dissatisfaction with ads promoting Microsoft services. The integration of AI has increased RAM usage, affecting system performance. Many users are calling for a focus on developing Windows 12 to restore confidence in Microsoft's operating systems.

Winsage

April 14, 2026

This fake Windows 11 24H2 update looks perfect, until it avoids antivirus and steals your passwords

Cybercriminals are using sophisticated tactics to deceive users, particularly with a counterfeit website posing as a legitimate Windows 11 update. This site operates under the domain microsoft-update[.]support and is designed to trick individuals into downloading malware that compromises sensitive information. The site is written in French and mimics a genuine cumulative update for Windows 11, version 24H2, featuring a convincing KB article number and a blue download button. The malware is packaged as a Windows update using the WiX Toolset 4.0.0.5512 and is labeled "WindowsUpdate 1.0.0.msi," with properties that suggest it is from Microsoft. At the time of analysis, VirusTotal showed no detections for the malware, which conceals its harmful code within an Electron shell, making it difficult to identify. Users are advised to download updates directly through the Windows Settings app or from Microsoft's official support hub.

Tech Optimizer

April 10, 2026

Popular Monitor Utilities, CPU-Z And HWMonitor, Have Been Infected With Malware

Recent reports indicate that the hardware monitoring tools HWMonitor and CPU-Z have been compromised, leading to users downloading malware instead of the legitimate software. Users reported receiving suspicious executable files and antivirus alerts when attempting to download the latest versions. A specific incident involved a user who downloaded HWMonitor from the official CPUID website, only to find the file was labeled incorrectly and flagged as a virus by Windows Defender. Cybersecurity experts confirmed that this is a serious issue involving a multi-stage trojanized attack from a compromised domain. The developer of CPU-Z and HWMonitor acknowledged that a secondary feature linked to the website was compromised for about six hours, causing the main website to display incorrect files. Users are advised to refrain from downloading or updating these utilities until the issue is resolved.