DNS Archives

Winsage

March 5, 2026

Microsoft’s latest Windows 11 updates are “deleting the internet” for many: Possible fixes explored

A critical bug in Windows 11 builds 24H2 and 25H2 is causing users with Ethernet connections to lose internet access after installing updates KB5066835 and KB5065789. Users have reported issues on Microsoft’s Q&A forums, and rolling back the operating system is recommended. Possible fixes include performing a full network reset, flushing DNS and resetting TCP/IP via Command Prompt, editing the registry, and using hardware bypass solutions like USB-to-Ethernet or USB-to-WiFi adapters.

Winsage

March 1, 2026

Hackers Abuse Windows File Explorer and WebDAV for Stealthy Malware Delivery

Cybercriminals are exploiting a legacy feature in Windows File Explorer, specifically the WebDAV protocol, to distribute malware and bypass traditional security measures. Despite Microsoft deprecating native WebDAV support in November 2023, it remains active on many systems. Attackers use WebDAV to deceive victims into executing malicious payloads by sending links that connect File Explorer directly to remote servers, avoiding web browsers and their security warnings. They employ methods such as direct linking, URL shortcut files, and LNK shortcut files to deliver exploits. The primary objective of these campaigns, which surged in late 2024, is to deploy Remote Access Trojans (RATs), with 87% of Active Threat Reports involving multiple RATs like XWorm RAT, Async RAT, and DcRAT. These campaigns predominantly target corporate networks in Europe, with many phishing emails written in German and English. Attackers use short-lived WebDAV servers hosted on Cloudflare Tunnel demo accounts to obscure their infrastructure. Security analysts are advised to monitor unusual network activity from Windows Explorer and educate users to verify addresses in File Explorer.

Winsage

February 28, 2026

Announcing Windows 11 Insider Preview Build 28020.1673 (Canary Channel)

Windows 11 Insider Preview Build 28020.1673 has been released to the Canary Channel. Key updates include: - Emoji 16.0 release with new emojis available in the emoji panel. - Introduction of a sign-in restore experience for Windows Backup for Organizations, reinstating user settings and Microsoft Store apps. - Quick Machine Recovery (QMR) is now automatically enabled for enterprise-managed Windows Professional devices. - A built-in network speed test accessible from the taskbar for measuring network performance. - Enhanced account menu in the Start menu directing users to Microsoft account benefits. - Pan and tilt controls for supported cameras available in the Settings app. - Widget Settings have been updated to a full-page experience. - Search function in the taskbar now displays group headers with the number of results and allows previewing results. - Support for Remote Server Administration Tools (RSAT) on Windows 11 Arm64 devices. - Improvements to dark mode in File Explorer and fixes for unexpected window behavior. - Reliability improvements in Settings for Bluetooth & Devices options. - Enhanced reliability for sending larger files via nearby sharing. Features are gradually rolled out, and a clean installation is required to exit the Canary Channel.

Winsage

February 20, 2026

Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets

Attackers are using social media advertising, specifically paid Facebook ads, to promote a malware campaign disguised as legitimate Microsoft promotions. They create near-exact replicas of the official Windows 11 download page to lure users into downloading malicious software. The deceptive domains used include ms-25h2-download[.]pro and ms-25h2-update[.]pro. The malware campaign employs geofencing to selectively target victims, redirecting security researchers to benign sites while delivering malware to unsuspecting users. The malicious file, named ms-update32.exe, is hosted on GitHub and mimics the size of a legitimate Windows installer. Once executed, it checks for monitoring tools and, if none are detected, installs an application named "Lunar" that collects sensitive data, including cryptocurrency wallet information. The malware maintains persistence by writing data to the Windows registry and employs various obfuscation techniques to evade detection. The attackers run parallel ad campaigns with different Facebook Pixel IDs to ensure continued operation even if one is suspended. Indicators of compromise include specific file hashes, domains, file system artifacts, and registry keys associated with the malware.

AppWizard

February 15, 2026

Max Cometh: What The Blocking Of WhatsApp, Telegram Means For Millions Of Russians

Russian authorities have been implementing a "sovereign Internet" initiative, which involves controlling digital communication and filtering information accessed by citizens. Recently, on February 11, Roskomnadzor removed WhatsApp from the National Domain Name System, effectively erasing it from the Russian digital landscape, which impacts over 100 million users. Two days earlier, Telegram experienced significant slowdowns, leading to fines for alleged non-compliance with Russian law. The government has been promoting the state-controlled messaging app, Messenger Max, developed by VK, as an alternative to popular platforms like WhatsApp and Telegram. The recent removal of 13 domain names, including those of major news outlets, marks a significant escalation in efforts to control digital information and is part of a broader strategy established since 2019 to impose stringent Internet regulations. This includes the establishment of a Russian National Domain System that allows Roskomnadzor to dictate website accessibility within the country, raising concerns about the potential instability and isolation of the Russian Internet.

AppWizard

February 13, 2026

Russia blocks YouTube and WhatsApp

Russia's internet regulator, Roskomnadzor, has made YouTube inaccessible in the country by removing its domain from the National Domain Name System (NDNS) servers, which prevents direct access without a VPN. YouTube is now blocked along with WhatsApp, as part of a broader crackdown on digital communication tools. The NDNS serves as a government-mandated alternative directory that restricts telecommunications providers to using it exclusively, allowing centralized control over website accessibility. Roskomnadzor has removed 13 domain names from NDNS, including those of international news outlets and social media platforms. A survey indicates that 46% of Russian users utilize VPNs to access YouTube, but 24% still experience connectivity issues. Users report frustration with internet access quality and potential repercussions from government legislation against searching for "extremist material" or using VPNs. Experts warn that reliance on NDNS could limit normal DNS functionality and highlight risks associated with VPN use, including government manipulation of IP addresses. Roskomnadzor cites violations of Russian law to justify its control over platforms like Telegram.

TrendTechie

February 12, 2026

США конфисковали домены трех крупнейших торрент-трекеров ЕС

U.S. law enforcement, in collaboration with Bulgarian authorities, has seized the domains zamunda.net, arenabg.com, and zelka.org due to copyright infringement related to pirated content. This operation was authorized by a U.S. District Court ruling and coordinated by the U.S. Department of Homeland Security, Europol, and Bulgarian officials. The domains, which were managed by U.S.-based registrars, have been redirected to U.S. control, displaying an official seizure notice. A significant portion of the content on these sites is owned by American companies, allowing U.S. jurisdiction. Bulgaria has been working to combat piracy since at least 2020 and was recently placed back on the U.S. Trade Representative's "Special 301 Report" list for insufficient progress. The servers hosting the trackers may be located outside Bulgaria, complicating their seizure. This operation highlights the risks faced by piracy platforms linked to international domains.

AppWizard

February 11, 2026

Product showcase: PCAPdroid analyzes Android app network activity

PCAPdroid is a free, open-source application for monitoring network traffic on Android devices. Users can capture traffic by accepting a VPN request and can view active and historical connections, detailing the application, protocol, destination address, and connection status. Traffic can be categorized by application, providing information such as installation date, version, and permissions. PCAPdroid offers various dump modes, allowing users to view traffic in real-time or save it as a PCAP file, and enables sharing captures via a local web page or forwarding live traffic to another machine using UDP or TCP. The app can extract information from captured traffic, including DNS requests, TLS server names, and HTTP requests. It also has the capability to decrypt HTTPS/TLS traffic, which requires a setup process involving a helper add-on and a certificate. Successful decryption allows users to view and export previously encrypted traffic, although not all apps support this feature.

Tech Optimizer

January 30, 2026

NordVPN blocks 92% malicious sites in independent phishing test

NordVPN successfully blocked 92% of phishing websites in an evaluation by AV-Comparatives, highlighting the effectiveness of its anti-malware tool, Threat Protection Pro. The assessment, conducted from January 7 to January 19, 2026, analyzed 250 phishing URLs, with NordVPN's Threat Protection Pro ranking fourth among tested products. The tool is designed to protect users from various online threats and operates at the network level, scanning traffic directly on the user's device. Threat Protection Pro is available to higher-tier subscribers on the Plus, Complete, and Ultra plans, and is compatible with Windows and macOS. Despite slipping from previous podium finishes, Threat Protection Pro has consistently ranked high in evaluations and was the first VPN service to receive AV-Comparatives' approval for anti-phishing protection in 2024. It also received accolades from AV-TEST and West Coast Labs for its phishing detection capabilities.

TrendTechie

January 30, 2026

США отобрали доменные имена у трех знаменитых торрент-трекеров с многомиллионной аудиторией

Правоохранительные органы США и Болгарии совместно с Европолом провели операцию, в результате которой были изъяты доменные имена у трех крупных болгарских торрент-трекеров, признанных распространителями пиратского контента. Власти Болгарии пытаются закрыть эти ресурсы с 2020 года, но ранее не могли этого сделать из-за нахождения владельцев доменов за пределами страны. DNS-сервера ns1.seizedservers.com и ns2.seizedservers.com теперь под контролем США, и пользователи видят уведомление о конфискации. Судьба серверов, поддерживающих торрент-трекеры, остается неясной, и если они продолжат функционировать, могут появиться новые домены. Болгарские власти также пытались закрыть трекер RARBG, который продолжает работать. Болгария была исключена из списка стран, подлежащих наблюдению в 2018 году, но в 2023 году вновь оказалась в нем из-за недостаточного прогресса в борьбе с нарушениями прав интеллектуальной собственности. Власти Болгарии искали поддержку от ICANN и проводили деловые визиты в США для обсуждения мер против интернет-пиратства.