digital assets Archives

Winsage

March 2, 2026

RAT Malware Via Windows Explorer Puts Crypto at Risk

Cofense Intelligence reported that threat actors are exploiting Windows File Explorer and WebDAV servers to deliver Remote Access Trojans (RATs) to corporate systems, bypassing browser security measures. This method allows attackers to infiltrate machines without using web browsers, taking advantage of File Explorer's ability to connect to remote WebDAV servers. Despite WebDAV being deprecated by Microsoft in November 2023, it is still supported in Windows, creating a vulnerability. The campaigns began in February 2024, with a significant increase in September 2024, and 87% of these campaigns deliver multiple RATs, including XWorm, Async RAT, and DcRAT. Victims typically receive phishing emails disguised as invoices, containing URL or LNK shortcut files that initiate a WebDAV connection. The attacks often utilize Cloudflare Tunnel for hosting malicious WebDAV servers, making the traffic appear legitimate. Notably, 50% of affected campaigns are in German, while 30% are in English. The report emphasizes the risks posed to individuals holding digital assets, as RATs can access sensitive information, including crypto wallet files. Organizations are advised to monitor network traffic for Cloudflare Tunnel instances and educate users about the risks associated with File Explorer's capabilities.

AppWizard

February 26, 2026

New York Sues Valve Over Loot Boxes, Calls Them Illegal Gambling

New York Attorney General Letitia James has filed a lawsuit against Valve, the creator of Steam, regarding loot boxes in games like Counter-Strike 2, Dota 2, and Team Fortress 2, claiming they promote gambling behaviors among youth. The state seeks to stop Valve's use of loot boxes and impose financial penalties. The lawsuit argues that loot boxes resemble traditional slot machines and that items obtained can be traded for real-world value, with a virtual gun skin from Counter-Strike 2 reportedly selling for over a million dollars in 2024. The lawsuit claims Valve intentionally makes high-value items rare to increase their perceived worth and highlights the potential for addiction and illegal gambling, particularly among young people. Valve has not yet responded to the lawsuit.

Winsage

February 17, 2026

Windows 11 KB5077181: Update causes boot loops, DHCP errors, and sign-in failures

Wibu-Systems has partnered with Microsoft Learn to enhance educational initiatives aimed at equipping developers and IT professionals with tools and knowledge for implementing effective security measures in software development. This collaboration integrates Wibu-Systems' security solutions into Microsoft's educational framework, promoting best practices for application protection and reducing vulnerabilities. The partnership addresses the growing demand for secure software solutions and positions Wibu-Systems as a leader in the market.

Tech Optimizer

February 1, 2026

When Digital Guardians Turn Rogue: Inside the eScaneS an Antivirus Supply Chain Attack That Exposed Millions

eScan, an antivirus solution, has become a conduit for a supply chain attack that may have affected millions of users through a compromised software update mechanism. The attack exploited eScan’s automatic update system, distributing malware via official channels that appeared legitimate, thus bypassing traditional security measures. Reports indicate that supply chain attacks have increased by over 300% in the past three years, with software update mechanisms being prime targets. The exact number of affected users is still under investigation, but the breach occurred over a limited period before detection. Enterprises using eScan now face vulnerabilities in their security infrastructure, prompting IT departments to conduct forensic analyses to determine if their networks were compromised. The breach raises concerns about digital security as users typically rely on antivirus solutions for protection. Researchers found that the malware used advanced techniques, including multi-stage deployment and polymorphic behavior to evade detection, indicating significant resources behind the attack. In response, eScan has initiated an incident response protocol, revoked compromised digital certificates, and added verification layers to its update system. However, restoring user trust will require transparency about the breach and preventive measures. The incident has led to widespread security audits across the antivirus sector and may accelerate the adoption of zero-trust security models. Regulatory inquiries are underway regarding eScan's data protection practices, and legal experts anticipate class-action lawsuits from affected users and enterprises. The breach highlights a trend where attackers target security infrastructure itself, making software distribution security a critical focus for cybersecurity professionals. Proposed solutions include blockchain-based verification systems and industry-wide standards for supply chain security. The eScan breach underscores that no organization is immune to sophisticated supply chain attacks, as compromising a security vendor can provide access to its entire customer base. Increased information sharing about supply chain threats is advocated to enhance collaboration within the security industry. Moving forward, eScan must balance technical remediation with transparent communication to rebuild trust, while users are advised to implement defense-in-depth strategies rather than relying solely on one security tool.

Tech Optimizer

January 30, 2026

When Digital Guardians Turn Rogue: Inside the Avast Antivirus Supply Chain Attack That Exposed Millions

Avast's automatic update system was compromised, allowing malicious code to be distributed through its official channels, affecting potentially millions of users. This breach is characterized as a sophisticated supply chain attack, which exploited the software update mechanism, making it difficult to detect as the malware appeared legitimate. Security analysts noted a 300% increase in supply chain attacks over the past three years, with this incident highlighting vulnerabilities in security solutions. Avast has initiated an incident response, revoked compromised digital certificates, and is collaborating with cybersecurity firms to address the breach. European regulators have begun inquiries into Avast's data protection measures, and legal experts anticipate class-action lawsuits from affected users. The incident underscores a trend of attackers targeting security infrastructure itself, prompting calls for improved software distribution security and industry-wide standards.

Winsage

January 28, 2026

Google Warns of Active WinRAR Exploits Targeting Unpatched Windows Systems

Google has raised concerns about ongoing cyberattacks exploiting a critical vulnerability in WinRAR, identified as CVE-2025-8088. This vulnerability allows malicious actors to deploy malware and espionage tools on unpatched systems. Users are advised to update WinRAR to the latest version, regularly check for software updates, employ comprehensive security solutions, and stay informed about cybersecurity threats.

Winsage

December 28, 2025

Microsoft Optimizes Windows 11 File Explorer to Slash RAM Usage

Microsoft is addressing criticism regarding Windows 11's File Explorer performance, particularly its excessive RAM consumption during searches. The company is testing optimizations aimed at reducing memory usage while maintaining speed, originating from an Insider Preview build. These changes involve eliminating duplicate indexing tasks, which could lead to a 20-30% reduction in RAM usage during intensive search sessions. Additionally, the update includes a streamlined context menu in File Explorer to enhance usability. Insider feedback has been positive, with users reporting smoother performance across various devices. The optimizations may also improve system stability and scalability in enterprise environments. However, some users express skepticism about whether these fixes are temporary solutions to deeper architectural issues. The full benefits of the update are expected to materialize once it reaches general availability, anticipated in early 2026.

AppWizard

December 12, 2025

Sam Altman’s Biometric ID ‘Super App’ Launches Encrypted Messaging and Crypto Payments

World, supported by Sam Altman, launched an upgraded application featuring encrypted messaging and enhanced cryptocurrency payment capabilities. The app allows users to confirm their identity as unique humans online through biometric authentication with World ID. Key features include: - World Chat offers Signal-level encryption and color-coded verification badges for user identity confirmation. - Users can receive paychecks and bank deposits directly in the app and convert funds to cryptocurrency. - The company has verified under 20 million people and aims to reach one billion iris scans. - The app includes social features aiming to create a messenger platform similar to WhatsApp or Telegram, with a focus on security. - Users verify their identity by having their iris patterns scanned by an Orb device, which converts the data into encrypted digital codes for World IDs. - Orb Minis, handheld devices for home self-scans, were introduced to ease the verification process.

AppWizard

December 10, 2025

OneBullEx Releases Its Official Android App

OneBullEx has launched its first native Android application, available for download on the Google Play Store and via a QR code on its website. To celebrate the launch, the platform is conducting a global giveaway campaign, rewarding users who download the app with exclusive perks. The app allows users to complete the onboarding process, access wallet balances, transaction history, and essential dashboard components, facilitating futures trading. The launch addresses a trend of users preferring mobile access for trading, providing a faster and more reliable interface than mobile browsers. The app integrates OneBullEx’s security framework, featuring device authentication and encrypted session management. Future updates will introduce alerts, market trackers, and additional trading functionalities. OneBullEx is a derivatives trading platform offering USDT-settled perpetual futures and automated trading systems, backed by OneMore Group.

Tech Optimizer

December 4, 2025

Cyber security essentials with WSA partner PureCyber

Cyber security is crucial for organizations in the sport and leisure sector to protect digital assets from hackers and cybercriminals. Neglecting cyber security can lead to financial losses, reputational damage, operational disruptions, and legal issues. Key practices for enhancing cyber security include keeping software updated, using strong passwords, training employees, and employing firewalls and antivirus solutions. The Welsh Sports Association (WSA) has partnered with PureCyber to offer a subscription service called Foundations, which provides various cyber security benefits such as incident response, phishing simulations, endpoint detection and response, dark web monitoring, employee training, Microsoft 365 protection, and vulnerability management. WSA members can access this service at preferential rates, and a Lunchtime Learning session will be held to improve skills within member organizations. Interested parties can contact Maria Lopez for more information on the subscription.