digital Archives

Tech Optimizer

April 6, 2026

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Cybersecurity researchers have discovered 36 malicious packages in the npm registry that impersonate Strapi CMS plugins. These packages exploit Redis and PostgreSQL, deploy reverse shells, harvest credentials, and establish persistent implants. Each package consists of three files—package.json, index.js, and postinstall.js—without descriptions or repositories, and all use version 3.6.8 to mimic legitimate Strapi plugins. The malicious packages follow a naming convention starting with "strapi-plugin-" and were uploaded by four accounts within 13 hours. The identified packages include names like strapi-plugin-cron, strapi-plugin-database, and strapi-plugin-server. The malicious code is embedded in the postinstall script, executing automatically upon installation with the same privileges as the user. The payloads evolve from exploiting Redis for remote code execution to attempting direct PostgreSQL database exploitation and deploying persistent implants for remote access. The campaign appears to target cryptocurrency platforms, as indicated by the focus on credential theft and digital assets. Users of these packages are advised to assume compromise and rotate credentials. This incident reflects a broader trend of supply chain attacks in the open-source ecosystem, with recent examples including credential exfiltration payloads in GitHub repositories and compromised GitHub Actions workflows. Group-IB reported that software supply chain attacks are increasingly reshaping the cyber threat landscape, targeting trusted vendors and open-source software to gain access to downstream organizations.

Tech Optimizer

April 6, 2026

Scammers Want Our Data, Yet CNET Finds Many of Us Aren’t Protecting Our Devices

- 78% of US adults currently own a personal laptop, with HP (32%) and Apple (26%) being the most popular brands. - 54% of laptop owners have encountered potential malware on their devices in the past year. - 88% of those who reported seeing potential malware took action, while 12% did not respond. - 68% of proactive laptop owners either deleted the suspicious file or closed the website or pop-up. - 37% of laptop owners received phishing emails in the past year. - Many modern devices come equipped with built-in antivirus solutions, such as Microsoft Defender for Windows 11 and XProtect for Mac users. - 60% of users who acted upon encountering potential malware manually deleted files or closed suspicious websites, while 35% initiated antivirus scans. - Antivirus software alone cannot safeguard against data breaches or identity theft; a comprehensive cybersecurity strategy involves various tools and practices. - Recommended tools for online security include Bitdefender for antivirus, Aura for identity theft protection, Bitwarden for password management, and ExpressVPN for VPN services.

AppWizard

April 6, 2026

China Blocked Jack Dorsey’s Decentralized Messenger bitchat

Chinese authorities have ordered the removal of Jack Dorsey’s decentralized messaging app, bitchat, from the local App Store due to concerns about its potential to disrupt information control during civil unrest. Apple complied by removing both the main and beta versions of the app. The app remains accessible outside of China. Dorsey stated that the removal reflects bitchat's influence on public discourse. The Chinese regulator cited violations of regulations that require online services capable of swaying public opinion to undergo security reviews before launch. Bitchat operates independently of traditional internet infrastructure using Bluetooth and mesh networking technology, making it resistant to censorship. It has gained attention in regions with internet restrictions and was introduced in July 2025. Bitchat has over 3 million downloads, with more than 92,000 in the past week and over 1 million installs on Google Play. Additionally, Block, the parent company, recently reduced its workforce by about 40%, equating to around 4,000 employees, due to AI implementation and process optimization.

Winsage

April 6, 2026

Windows asks a networking question on a Stratford billboard

A network notification reading "Do you want to allow your PC to be discoverable…?" appeared on a billboard outside London's Stratford station, drawing attention from passersby and tech enthusiasts. This incident was noted by a reader of The Register and highlights the unpredictable nature of technology. Stratford station, established in the early 19th century, features modern amenities and is near the Queen Elizabeth Olympic Park, a legacy of the 2012 Summer Olympics. The display serves as a reminder of the user interface changes introduced with Windows 8, which was released in 2012.

AppWizard

April 5, 2026

‘Blockchain-powered’ game storefront reportedly shutting down and taking customers’ games with it

Robot Cache, launched in 2018 as a digital marketplace for reselling games using blockchain technology, has announced its closure due to an insufficient user base and sales momentum. An email from the Robot Cache team expressed gratitude for community support but acknowledged the decision to shut down the store. The platform has been largely inactive, with no original content posted on its X account since 2023 and a dwindling Discord server. Financial struggles included a failure to raise expected funds during a token generation event and generating only in revenue from game software sales in 2024, alongside an accumulated deficit exceeding million.

BetaBeacon

April 5, 2026

What is Tikcotech: Find out the best tricks for Android devices

Tikcotech is a mobile app that combines music, gaming, and app management into one platform. It was recognized as a significant advancement for Android users by an editorial team in July 2025. Users spend 30% more time on "super apps" like Tikcotech compared to single-purpose applications. The app comes in free and premium versions, offering features such as ad-free music playback, advanced game emulation, and unlimited app downloads. It is accessible to casual users and tech enthusiasts, with cross-platform compatibility. Machine learning algorithms and real-time computing provide a customized experience for users.

AppWizard

April 5, 2026

Tarn Adams, co-creator of Dwarf Fortress, has over 1,400 hours in Factorio and is currently obsessed with terraforming games: ‘Dwarf Fortress just doesn’t accommodate a full-on sci-fi thing’

Tarn Adams is the co-founder of Bay 12 Games and is best known for co-creating Dwarf Fortress, which was released in 2006 and is celebrating its 20th anniversary. He has recently been playing The Planet Crafter, a terraforming game, and has logged 1,454.5 hours in Factorio, a factory-building simulation. Adams does not have a single game he would never uninstall but frequently plays Caves of Qud. He uses Ableton, a music sequencer, as essential non-gaming software. His desktop is about half full with various folders and .txt files, including a nostalgic folder for BASIC games from the '80s.

AppWizard

April 5, 2026

Kremlin’s drive for a state-backed messenger touches a nerve for some

The Kremlin is promoting its state-backed messenger service, MAX, but many Russians are skeptical about it due to privacy and functionality concerns. The initiative occurs alongside extensive internet censorship and the blocking of popular messaging platforms like Telegram. While some users have adapted to MAX, the majority remain cautious. Officials justify MAX as essential for national security, arguing that foreign apps pose risks. The parent company, VK, claims 107 million users, expanding its reach beyond Russia. Opposition activists warn of potential state surveillance and user data access. Many users feel compelled to download MAX due to state requirements but prefer other options like Telegram. There is a strong sentiment among the public that app usage should be a personal choice, with critics expressing discontent over the government's approach to mandating downloads.

Winsage

April 5, 2026

Microsoft Copilot Cowork is Now Available to Windows Users

Microsoft has introduced early access to Copilot Cowork through its Frontier program, enhancing the Researcher feature to improve planning, analysis, and decision-making workflows. Copilot Cowork is an AI system designed to manage complex, multi-step tasks within Microsoft 365, allowing users to set outcomes and receive real-time updates while enabling adjustments as needed. It is based on the Claude Cowork framework by Anthropic. The Researcher tool now includes a Critique feature that uses two AI models, GPT and Claude, to improve response accuracy, resulting in a 13.8% performance boost on the DRACO benchmark. Additionally, the Model Council feature allows users to compare outputs from multiple AI models side by side. These updates are part of Wave 3 of Microsoft 365 Copilot, aiming to make AI a more active participant in work tasks.

AppWizard

April 4, 2026

Warframe community director says ‘nothing in our games will be AI-generated, ever’

Digital Extremes, the studio behind Warframe and Soulframe, opposes the use of AI in game development. Community Director Megan Everett stated that the company is "very non-AI" and emphasized that all content in their games will be created by humans. She expressed frustration with AI-generated content, stating that it causes uncertainty about the authenticity of art. Despite skepticism towards AI in the industry, some developers are still using AI, as seen with Arc Raiders, which initially utilized AI voice acting but is now shifting to handcrafted assets. A survey indicated that 90% of developers want clearer AI disclosures on platforms like Steam, while some games have included AI "placeholders" in final releases. This has led to concerns among creators about the influence of AI on their work.