defense Archives

Winsage

March 2, 2026

RAT Malware Via Windows Explorer Puts Crypto at Risk

Cofense Intelligence reported that threat actors are exploiting Windows File Explorer and WebDAV servers to deliver Remote Access Trojans (RATs) to corporate systems, bypassing browser security measures. This method allows attackers to infiltrate machines without using web browsers, taking advantage of File Explorer's ability to connect to remote WebDAV servers. Despite WebDAV being deprecated by Microsoft in November 2023, it is still supported in Windows, creating a vulnerability. The campaigns began in February 2024, with a significant increase in September 2024, and 87% of these campaigns deliver multiple RATs, including XWorm, Async RAT, and DcRAT. Victims typically receive phishing emails disguised as invoices, containing URL or LNK shortcut files that initiate a WebDAV connection. The attacks often utilize Cloudflare Tunnel for hosting malicious WebDAV servers, making the traffic appear legitimate. Notably, 50% of affected campaigns are in German, while 30% are in English. The report emphasizes the risks posed to individuals holding digital assets, as RATs can access sensitive information, including crypto wallet files. Organizations are advised to monitor network traffic for Cloudflare Tunnel instances and educate users about the risks associated with File Explorer's capabilities.

Tech Optimizer

March 1, 2026

Surfshark is one of the few VPNs to offer a real antivirus solution

Users are increasingly focused on the effectiveness of their security software alongside the number of streaming services they use. Leading VPN providers are responding by offering comprehensive packages that combine VPN capabilities with antivirus features. Surfshark has introduced Surfshark One, which integrates its VPN service with proprietary antivirus software. This solution is designed to provide a comprehensive cybersecurity experience within a single application. To access the antivirus feature, users must subscribe to the Surfshark One plan, which offers quick and full scans, customizable scanning options, and scheduled scans. Detected threats are quarantined and deleted after 60 days. The antivirus includes Cloud Protect for continuous defense against malware, updating its database every three hours, and provides 24/7 malware protection. Surfshark One also includes additional tools such as Alternative ID for safeguarding user information, Surfshark Alert for notifications about compromised sensitive information, and Surfshark Search for ad-free browsing. Surfshark's VPN offers access to over 4,500 servers and supports unlimited devices. Surfshark One differs from other VPN packages by providing essential tools for post-compromise care and customizable security settings. Competitors like ExpressVPN and NordVPN offer tiered pricing structures with advanced security features in higher-tier plans. To acquire Surfshark One, users can visit the Surfshark website and choose from various subscription plans. The cost difference between the Surfshark Starter plan and Surfshark One is minimal, with Surfshark One starting at .49 per month. Surfshark One+ includes additional features like personal data removal and identity theft coverage. Only a few providers currently offer both VPN and antivirus capabilities, including Surfshark, Private Internet Access, and CyberGhost.

Tech Optimizer

February 26, 2026

Avast Antivirus Just Got Smarter: Is It Finally Worth Your Money?

Avast Antivirus has introduced advanced AI tools, enhanced browser protection, and new privacy features in the U.S. market. It offers real-time malware protection, phishing shields, and Wi-Fi scanning. Avast's product lineup includes a free version, a premium security plan, and Avast One, catering to different user needs. Independent lab tests show Avast ranks highly in malware blocking, competing with brands like Bitdefender and Kaspersky. However, users should be cautious of upselling practices and data collection concerns. The free version provides strong protection, while paid plans offer additional features like VPN and advanced ransomware protection. Avast is accessible on various platforms, and pricing fluctuates due to promotions. Users are advised to assess their needs and be mindful of renewal rates before subscribing.

Winsage

February 24, 2026

How to migrate applications to Windows 11

Organizations are transitioning from Windows 10 to Windows 11 following the end-of-support date for Windows 10. Windows 11 is designed to support most applications that ran on Windows 10, but challenges may arise due to undocumented legacy applications and configurations. A thorough evaluation of devices, including installed applications and data locations, is essential to minimize disruptions during the upgrade. Migrations can be categorized as clean installations or in-place upgrades. A clean installation erases the previous OS and data, while an in-place upgrade retains existing settings and applications. In-place upgrades are not allowed for certain transitions, such as from Windows 10 Home to Windows 11 Pro without first upgrading to Windows 10 Pro. IT professionals often prefer clean installations to avoid carrying over issues from the previous OS. During an in-place upgrade, data in library folders is retained, but data in the Windows folder may be at risk. Compatibility issues may arise with poorly designed applications or drivers post-upgrade, particularly with legacy applications reliant on outdated frameworks. Preparation for migration includes creating an inventory of applications, identifying potential incompatibilities, and ensuring backups of data. IT must also confirm hardware meets Windows 11 requirements. If a clean installation is chosen, strategies for application installation must be developed, utilizing tools like System Center Configuration Manager or Microsoft Intune. Validation and testing of migration tools should occur in a lab environment, followed by a pilot deployment on a small percentage of machines. After successful pilot testing, the final deployment can proceed, followed by an audit to address any issues. Careful planning and testing are crucial for a smooth migration process.

BetaBeacon

February 24, 2026

RAINBOW SIX Goes Mobile Worldwide And Is Now Available On iOS And Android

Ubisoft has launched Rainbow Six Mobile worldwide, a free-to-play first-person shooter game that brings the tactical intensity of Rainbow Six Siege to iOS and Android devices.

AppWizard

February 23, 2026

The Kremlin spent years building a messenger to replace Telegram. Now it’s reportedly telling soldiers the substitute is too insecure to use at the front.

Russian military personnel have been advised to stop using the messaging application Max due to security concerns, as reported by Mediazona. This recommendation follows intensified restrictions on Telegram, which began in the summer of 2025. The Federal Security Service (FSB) has warned that Ukrainian forces can intercept Telegram communications, prompting worries about the safety of sensitive information. Access to Telegram has been increasingly limited, with plans for further restrictions on media file access reported by RBC. Pro-war advocates, including Sergey Mironov, have criticized these limitations and defended Telegram as a reliable communication tool. Despite the Kremlin's claims that troops do not rely on Telegram, the Russian Defense Ministry asserts that they use standard communications equipment and a domestically developed messenger. On February 18, Russian Digital Development Minister Maksut Shadaev stated that Telegram would not be blocked for frontline use for now.

Tech Optimizer

February 22, 2026

Researchers Discover First Android Malware Using Generative AI for Persistence

Security researchers have identified a new Android Trojan named PromptSpy that uses generative AI technology to enhance its persistence on compromised devices. Discovered by ESET researchers, PromptSpy leverages Google's Gemini AI model to analyze infected device screens and generate tailored instructions for embedding itself within recent apps lists. It includes a Virtual Network Computing (VNC) module that allows attackers full remote control over the device, enabling activities such as viewing the screen, performing actions remotely, capturing lock screen data, blocking uninstallation attempts, gathering device information, taking screenshots, and recording screen activity as video. The malware communicates with command-and-control servers using AES encryption and exploits Android Accessibility Services, making it difficult to remove. PromptSpy is distributed through a dedicated website and is financially motivated, adapting to various Android interfaces and operating system versions. ESET's analysis indicates that the malware is regionally targeted, with a focus on Argentina, and may have been developed in a Chinese-speaking environment. The same threat actor is believed to be responsible for both VNCSpy and PromptSpy.

AppWizard

February 20, 2026

Google says its AI systems helped deter Play Store malware in 2025

Google reported a decrease in malicious apps targeting its Google Play platform, preventing 1.75 million policy-violating apps from being published in 2025, down from 2.36 million in 2024 and 2.28 million in 2023. The company banned over 80,000 developer accounts in 2025 for attempting to publish harmful apps, a decrease from 158,000 in 2024 and 333,000 in 2023. Google conducts over 10,000 safety checks on every app before publication and has integrated generative AI models into the app review process. The company prevented more than 255,000 apps from gaining excessive access to sensitive user information, down from 1.3 million in 2024, and blocked 160 million spam ratings and reviews. Additionally, Google Play Protect identified over 27 million new malicious apps, an increase from 13 million in 2024 and five million in 2023.

Tech Optimizer

February 20, 2026

Don’t risk being unprotected – Protect your Mac with 20% off Moonlock

The Moonlock app, developed by MacPaw, is a cybersecurity application designed for macOS that offers features like malware detection, real-time protection, and enhanced digital privacy. MacPaw is currently offering a limited-time promotion of a 20% discount on Moonlock. The app provides comprehensive security by scanning external drives, email attachments, and archived files, and is tailored specifically for macOS users. It includes a built-in VPN for secure browsing, a Network Inspector to monitor data traffic, and helps optimize native security settings like FileVault and Firewall. Moonlock also operates a research lab that monitors emerging vulnerabilities specific to macOS.

AppWizard

February 20, 2026

Russia steps up campaign against Telegram with allegations against its founder

The head of Russia's FSB security service has accused Telegram's founder, Pavel Durov, of enabling criminal activities on the platform. Russia's state communications regulator has imposed restrictions on Telegram for failing to remove extremist content, which is significant given the app's importance for communication in the country. In response, Telegram stated that the accusations are false justifications to undermine its operations while promoting a state-owned alternative, MAX. FSB chief Alexander Bortnikov claimed that Durov prioritizes personal interests leading to legal infractions, citing crimes such as juvenile delinquency and terrorism facilitated through Telegram. The communications regulator has slowed down Telegram's functionality due to inadequate responses to warnings, and a government minister raised security concerns about the app's encryption. Telegram has refuted claims of compromised encryption and stated that Russian authorities are pushing citizens towards a state-controlled messaging service. Additionally, other foreign messaging apps like WhatsApp and FaceTime have faced restrictions, and citizens have been encouraged to switch to MAX. Despite the crackdown, Telegram remains popular among Russian authorities, and ordinary users are using VPNs to bypass restrictions.