detection Archives

Tech Optimizer

June 13, 2026

Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE)

On June 10th, Splunk released an advisory for CVE-2026-20253, a high-severity vulnerability with a CVSS score of 9.8 that requires no authentication. The vulnerability is associated with the PostgreSQL Sidecar Service Endpoint and affects Splunk Enterprise versions 10 and above. In default installations, the service is not installed on Windows but is installed and enabled by default on AWS. The vulnerability allows unauthorized users to create and truncate arbitrary files through an API that lacks authentication controls. Additionally, it enables the execution of SQL commands via a backup and restore mechanism, potentially leading to remote code execution (RCE). A Detection Artefact Generator has been developed to help organizations assess their vulnerability to this issue.

Winsage

June 12, 2026

Hackers Use Fake Windows Update Installers to Deliver OnyxC2 Credential Stealer

OnyxC2 is a sophisticated credential stealer available for a subscription fee of 0 per month, distributed through disguised lures such as fake Windows updates and legitimate software installers. It functions as a commercial product with features like an automated payload builder, tiered licensing, and a centralized web dashboard. The malware boasts a 99% detection-evasion rate, successfully evading major antivirus solutions during tests. It is developed in C++, utilizing direct system calls and mutating with each build to avoid detection. OnyxC2 collects data from around 210 applications, targeting 45 web browsers, password managers, cryptocurrency wallets, and FTP clients. The malware is delivered using DLL sideloading, where a password-protected archive contains a legitimate application and a malicious DLL. The attacker's DLL is disguised by inflating its size and is loaded by a trusted binary. The malicious code remains encrypted on disk and decrypts in memory to evade analysis. OnyxC2 communicates with a Cloudflare-fronted command-and-control server to manage infected hosts and execute commands like hardware registration and cookie uploads. The threat extends to business environments, targeting FTP and email clients, with stolen session cookies allowing ongoing access to corporate infrastructure. Implementing anti-data exfiltration controls is recommended as a mitigation strategy.

Tech Optimizer

June 12, 2026

NordVPN’s next-gen antivirus aces independent testing with a 96% phishing block rate

NordVPN's next-generation antivirus blocked 96% of phishing sites in the 2026 Anti-Phishing Comparative Test by AV-Comparatives, improving by 6% from May 2025. The test involved 275 active phishing URLs targeting personal data across various platforms. NordVPN was the first VPN provider to receive the AV-Comparatives anti-phishing protection badge in June 2024, requiring detection and blocking of at least 85% of phishing URLs without false alarms. Users are advised to verify URLs, read messages carefully, enable two-factor authentication, and check for secure HTTPS connections to avoid phishing attempts.

Tech Optimizer

June 12, 2026

Fake verification pages are stealing Steam accounts from players

Online gamers are being warned about a scam targeting Steam accounts through counterfeit FACEIT verification pages that look authentic. These fraudulent sites feature official branding and functional links, tricking users into entering their passwords. The scam is particularly aimed at FACEIT players, as it exploits the connection between FACEIT and Steam, where players link their accounts. The scam starts with a website mimicking an official FACEIT page, claiming to offer free identity verification. Scammers use lookalike URLs, such as faceit-discord.com and faceit-clubs-verify.com, to deceive users. The site may display subtle errors, like conflicting copyright dates, and encourages users to click a “Sign in through Steam” button, which leads to a fake login window designed to steal user credentials. To protect against this scam, users should verify the website address, be cautious of blurry QR codes, treat urgent messages as suspicious, navigate directly to official sites, and consider using tools like Malwarebytes Browser Guard. If users have already entered their details, they should change their Steam password, enable Steam Guard, and check for unauthorized activity. The scam's effectiveness lies in its convincing presentation and the use of Browser-in-the-Browser attacks, which manipulate the perceived address bar.

Tech Optimizer

June 11, 2026

Avast One: Security and privacy suite under the microscope

Avast One is the flagship consumer security suite from Avast (Gen Digital), combining antivirus, firewall, VPN, and privacy utilities into a single subscription for Windows, macOS, Android, and iOS. It offers four primary areas: device security, online privacy, identity protection, and performance tools. Device security includes real-time antivirus, Web Shield, Mail Shield, and Ransomware Shield. The online privacy component features a full VPN service with bank-grade encryption and a no-logs policy. Identity protection includes data breach monitoring and, in some markets, credit monitoring. Performance tools assist with disk cleanup and system optimization. Avast One has three plan tiers: Avast One Essential (free), Avast One Individual (paid, supports multiple devices), and Avast One Family (paid, supports up to 30 devices). Pricing varies based on promotions, with Avast One Individual typically around per year and Avast One Family ranging from to 0 per year. The suite can be downloaded directly from Avast's website, with installers available for various platforms. Avast One includes automatic updates and is designed to operate lightly on modern hardware, with options to minimize system impact during scans. Customer support includes self-help documentation, community forums, and direct support for paying customers. Avast One aims to appeal to both non-technical users and power users, providing a user-friendly interface while allowing for advanced configurations. The product is positioned as a comprehensive solution for households looking to secure multiple devices with a single subscription.

Tech Optimizer

June 11, 2026

9 Best Antivirus Software On G2: My Top Picks

Antivirus software can become overwhelming for organizations due to alert fatigue shortly after deployment. Analysts often struggle to prioritize notifications, leading to the mismanagement of legitimate tools and unclear incident timelines. A review of nine antivirus solutions based on G2's Winter 2026 Grid® Report identified the following top performers: 1. ESET PROTECT: Best for machine learning-driven endpoint protection; offers enterprise-grade security with a free trial available. 2. Sophos Endpoint: Best for ransomware prevention; provides centralized policy control with a free trial available. 3. ThreatDown: Cost-effective EDR with MDR flexibility; combines antivirus and endpoint detection with a free trial available. 4. CrowdStrike Falcon: Best for large-scale enterprise threat prevention; cloud-native platform with subscription-based pricing and a free trial available. 5. Check Point Harmony Endpoint: Best for unified endpoint and zero-trust protection; integrates malware prevention and phishing defense with a free trial available. 6. Microsoft Defender for Endpoint: Best for Microsoft-native environments; deeply integrated with Microsoft 365, licensed through enterprise agreements. 7. Kaspersky AntiVirus: Best for traditional malware protection; provides real-time protection against various threats. 8. SentinelOne: Best for autonomous AI-driven endpoint response; features automated remediation and ransomware rollback with a free trial available. 9. FortiClient: Best for Fortinet-centric environments; offers VPN access and security policy enforcement with a free basic client available. The analysis highlighted that effective antivirus solutions prioritize behavioral analysis over traditional signature-based detection, minimize false positives, and maintain low system impact during operation. Key factors for evaluating antivirus software include threat detection accuracy, centralized visibility, response capabilities, and deployment stability.

Winsage

June 10, 2026

PowerToys just made Command Palette extensions easier to install and manage

PowerToys has released version 0.100.0, introducing several new features and enhancements: - Command Palette now includes an Extension Gallery for managing extensions directly. - Improvements to Command Palette include enhanced parameter pages, bookmarks for inline parameters, and better accessibility. - Dock feature enhancements allow for separate customization for each monitor and drag-and-drop functionality. - Performance Monitor introduces a Battery widget and dock bands for CPU, memory, and network metrics. - Calculator enhancements include new functions and improved error messaging. - Reliability improvements include a pinned commands section and smoother navigation. - FancyZones received updates for better localization and guidance. - File Explorer fixes address crashes related to Markdown previews. - File Locksmith improvements enhance handling of Unicode file paths. - Grab And Move has been fully released. - Image Resizer supports live settings reload. - Keyboard Manager editor is redesigned and enabled by default. - Mouse Without Borders adds quick access to refresh connections. - Peek's settings allow toggling of file preview tooltips. - PowerDisplay is optimized for better performance. - PowerToys Run improves calculator functionality and documents third-party plugins. - Quick Accent updates enhance UI consistency and language support. - Settings interface has been refreshed for better usability. - Shortcut Guide redesigned for reliability and includes built-in manifests. - Workspaces has a modernized editor. - ZoomIt introduces webcam overlay capabilities and improved recording features. - Development tools and dependencies have been updated for smoother contributions.

Tech Optimizer

June 9, 2026

Fake ChatGPT download site infects Windows and Mac users with malware

A counterfeit website, openew[.]app, is impersonating OpenAI's official ChatGPT download page and distributing malware. Windows users who download from this site receive a credential-stealing malware loader, while macOS users are infected with Odyssey Stealer, a variant associated with cryptocurrency theft. The fake site mimics the legitimate ChatGPT interface and uses HTTPS to appear trustworthy. The Windows malware, Chat_GPT.exe, creates a back channel to an attacker-controlled server, while the macOS malware captures sensitive data and attempts to replace legitimate cryptocurrency wallet applications with compromised versions. Users who download from official sources remain safe, but those who click on ads or unfamiliar links risk compromising their online accounts and sensitive information. Malwarebytes offers protection against this malware. Indicators of compromise include specific file hashes and network indicators associated with the malicious site.

AppWizard

June 9, 2026

This New Computer Virus Is Disguising Itself As A Popular Video Game

Old-school gaming consoles are seeing a resurgence, but hackers are exploiting this trend with a malware campaign called "WeedHack," which emerged in January. This malware operates on a "Malware-as-a-Service" model, allowing users to purchase it to infect victims. WeedHack functions as a remote access infostealer, compromising computers to manipulate screens, access webcams, and steal sensitive data. It propagates by enticing users with unofficial "Minecraft" mods and clients, often using videos and download links as bait. Additionally, it employs "SEO poisoning" to promote fake websites as legitimate sources for these mods on platforms like Discord and Reddit. WeedHack disguises itself as a JAR file, similar to the official "Minecraft" client, and once executed, it installs its payload from Ethereum server domains. It can insert itself into antivirus exclusion lists, evading detection, and McAfee's tests show that Windows Defender is ineffective against it. The malware collects extensive information, including Wi-Fi networks and browser cookies, and grants hackers complete control over infected computers. The WeedHack virus serves as both malware and a training ground for aspiring hackers, structured into two tiers: a free version with core capabilities and a paid subscription for advanced features. A community has formed around WeedHack, offering tutorials, a Discord server, and a website for feature requests and custom payload creation. This community aspect lowers the barrier for newcomers, particularly targeting a younger audience that may not understand online safety.

AppWizard

June 8, 2026

5 Emergency Features To Enable On Your Android Phone Before It’s Too Late

The Google Play Store has launched a Personal Safety app that provides tools for emergency situations, including safety check-ins, medical information input, automatic location sharing with emergency contacts, and car crash detection for select devices. The Emergency SOS feature allows users to create shortcuts for quick access to emergency actions, such as calling services and recording video footage. Crisis Alerts notify users of nearby dangers, while Earthquake Alerts provide information on seismic activity. The Emergency Location Service (ELS) enables precise location sharing with emergency responders during calls or texts to emergency numbers.