documents Archives

Winsage

June 17, 2026

Windows SprySOCKS Malware: Advanced Kernel-Level Rootkit Targets Government Organizations via Supply Chain Vulnerabilities

The Windows variant of SprySOCKS malware, developed by the Chinese threat group Earth Lusca, targets government entities globally and features advanced capabilities such as rootkit-level stealth and extensive command-and-control (C2) functionalities. It operates on Windows systems, utilizing two main variants: WINDRV, which includes kernel drivers for stealth operations, and WINPLUS, a streamlined backdoor. The malware can communicate over TCP, UDP, and WebSocket, offering over 30 C2 commands for various operations, including system information gathering and keystroke logging. WINDRV loads a driver named ‘RawWNPF’ into memory using another signed kernel driver, allowing it to conceal processes and achieve persistence. The malware's design incorporates open-source elements and exploits vulnerabilities in the software supply chain, notably using a leaked certificate for driver signing. To combat SprySOCKS, organizations are advised to implement advanced endpoint detection and response (EDR) solutions, maintain regular patching, and manage supply chain risks vigilantly. The malware's adaptability and reliance on legitimate certificates complicate detection efforts, necessitating continuous refinement of security practices.

AppWizard

June 16, 2026

50+ Samsung Galaxy Store apps spread phone malware

Samsung's Galaxy Store had over 50 applications that unknowingly distributed a hidden Android trojan named MagicAd, which has since been removed. Users who downloaded these apps may still have the malware on their devices, as it establishes persistent background services that remain after the app is uninstalled and hides its icon. Signs of infection include unsolicited ads, battery drain, and unexplained data usage. The malware evades detection by assessing its environment and concealing its core code in encrypted files. Developers rotated the infected apps to maintain persistence and generated revenue through fraudulent ad impressions. Users are advised to run security scans and consider a factory reset if symptoms persist, ensuring to back up important files without including app settings. No app store can guarantee the exclusion of all threats, so users should check ratings and download counts before installing applications.

Winsage

June 16, 2026

Start

The Start interface in Windows 11 is a centered floating window that can be accessed by clicking the Start button or using keyboard shortcuts like WINKEY or Ctrl + Esc. Key features include a Search box for initiating searches, a customizable Pinned section for frequently used apps, a Recommended area for recently accessed items, and an All section displaying all installed apps. Users can manage their account through the Account manager, access power options for Lock, Sleep, Shutdown, and Restart, and connect mobile devices via the Phone Link app. Customization options for the Start interface include moving the Start and Taskbar icons to the left, configuring Windows Search settings, and customizing the Pinned and Recommended sections. Users can pin, unpin, and rearrange app shortcuts in the Pinned section, adjust what appears in the Recommended section, and choose between different layout views in the All section. The Account manager allows limited customization of notifications, and users can add folders and mobile device slices to Start. The Quick link menu provides access to legacy management interfaces and can be accessed by right-clicking the Start button or using WINKEY + X.

AppWizard

June 15, 2026

How to Use Meta AI on Meta Apps

Meta AI is integrated into WhatsApp, Instagram, Facebook, and Messenger, providing functionalities like chat, search, image generation, and automated customer support through the Meta Business Agent. Its availability varies by country, account type, app version, and language. Users should be aware that seeing a colleague's blue Meta AI ring in WhatsApp while they do not may indicate a rollout flag on Meta's end rather than an app malfunction. Meta AI can answer queries, suggest ideas, generate images from prompts, clarify messages, assist with searches, and support customer interactions for business accounts. It is linked to the Llama model family, including Llama 2 and Llama 3. To use Meta AI on WhatsApp, users need to update the app and can start a chat by locating the Meta AI button or circle. They can ask practical questions, request image generation, and utilize it in group chats. On Instagram, it enhances DMs and search functions, allowing users to create AI chats for content ideas and captions. In Messenger, there is an "Ask Meta AI" bar for direct interactions. Users can also utilize Meta AI on Facebook for search and content discovery. The Meta Business Agent is a version of Meta AI for businesses, providing 24/7 responses to customer inquiries. It can be set up in Meta Business Suite or WhatsApp Business. Privacy measures should be considered, as users cannot entirely disable Meta AI and should avoid sharing sensitive information in chats. For better responses, users should provide context and constraints in their prompts and consider training in prompt design and AI risk management for professional use.

AppWizard

June 15, 2026

Your inbox might finally get quieter now that Google is taking down a major AI scam ring

Google has filed a lawsuit against the alleged China-based "Outsider Enterprise" network for using Gemini AI to conduct extensive phishing scams. The company is working with the FBI and major telecommunications carriers, including AT&T, T-Mobile, and Verizon, to intercept scam messages. Investigators have linked the operation to over 9,000 counterfeit websites and more than one million malicious URLs, primarily targeting Android users. The "Outsider" phishing platform offered over 290 website templates for mimicking banks and other entities, utilizing AI-generated code. Google is also supporting seven bipartisan bills aimed at combating AI-driven fraud and has implemented AI-driven defenses that block over 10 billion malicious messages each month.

Tech Optimizer

June 14, 2026

Automate Amazon Aurora PostgreSQL major or minor version upgrade using AWS Systems Manager and Amazon EC2

Managing upgrades for the Aurora PostgreSQL-Compatible Edition can be labor-intensive and error-prone when done manually. Automating Amazon Aurora PostgreSQL upgrades can reduce manual effort by up to 80% and minimize downtime risks through consistent procedures. The automation solution uses AWS Systems Manager, Amazon EC2, and AWS Secrets Manager, structured around two modules: PREUPGRADE for readiness checks and UPGRADE for the actual upgrade process. The solution identifies upgrade candidates using database tags, creates safety backups with Copy-on-Write clones, manages the upgrade process with minimal human intervention, and offers real-time monitoring and email notifications. The workflow includes logging into the Systems Manager console, downloading the upgrade script, identifying Aurora PostgreSQL clusters based on tags, retrieving credentials from AWS Secrets Manager, executing pre-upgrade checks or upgrades, uploading log files to Amazon S3, and sending email notifications via Amazon SNS. Prerequisites include familiarity with the Aurora upgrade process, appropriate IAM permissions, creating a maintenance user, setting up AWS Secrets Manager, tagging Aurora clusters, creating an S3 bucket, and configuring an SNS topic for notifications. Implementation steps involve reviewing setup instructions, uploading the upgrade script to S3, creating an AWS Systems Manager automation document, executing the automation document, and monitoring the upgrade process through logs generated during pre-upgrade and upgrade phases. The logs provide detailed information on tasks performed, including replication slot status and configuration backups. After testing, it is recommended to clean up resources to avoid future charges.

AppWizard

June 11, 2026

Android Auto Got A Useful New Supported App For June 2026

Adobe has released an update (v26.5.0.45958) for Android Auto on June 5, which adds PDF support. This update includes a Read Aloud feature that allows users to listen to audio renditions of their PDFs. Not all PDFs are compatible with this feature, as only certain documents will trigger the Android Media player when selected. Users must ensure that Adobe Acrobat is updated on their Android smartphones to access this capability. Additionally, future enhancements for Android Auto are expected in 2026, including widgets, HD video playback while parked, and improved integration with Google's AI agent, Gemini.

Tech Optimizer

June 10, 2026

Microsoft Open-Sources PostgreSQL Extension for In-Database Durable Execution

Microsoft has introduced pg_durable, a PostgreSQL extension that enables developers to execute durable workflows within the database, reducing the need for external orchestration systems. It simplifies workflow management by allowing developers to express long-running, fault-tolerant SQL functions directly in SQL, managing execution concerns like retries and recovery. Workflows are defined in SQL, with the extension handling retry states, progress tracking, and checkpointing. A pg_durable function operates as a graph of SQL steps that can resume from the last durable checkpoint after a failure. The extension preserves execution states within PostgreSQL tables, ensuring workflows can withstand crashes and restarts. It includes a domain-specific language (DSL) for scheduling and parallel execution. An example of a durable function is provided, demonstrating sequential and parallel execution using specific operators. pg_durable is particularly useful for vector embedding pipelines and scheduled maintenance tasks. Architecturally, it consists of a PostgreSQL extension and a background worker built on Rust libraries, without any external control plane. Durable execution allows long-running workflows to automatically resume from failure points, simplifying distributed system architecture.

AppWizard

June 10, 2026

France’s Government Messaging App Tchap Got Breached

On June 7, 2026, Tchap, the French government's encrypted messaging platform for civil servants, experienced a significant breach detected by ANSSI. The breach resulted from a compromised user account and involved the education shard of Tchap, specifically targeting matrix.agent.education.tchap.gouv.fr. Approximately 650,000 messages, data from over 73,000 accounts, and about 13.5GB of documents and media files were allegedly scraped. The attacker also claimed to have discovered hardcoded LDAP credentials leaked through a PowerShell script shared by a regional director of the French tax authority. DINUM, the French Digital Affairs Directorate, stated that private conversations on Tchap are end-to-end encrypted and that the compromised account has been blocked. They notified CNIL about the potential exposure of personal data and reminded users to avoid sharing sensitive information in public chat rooms. The breach follows a mandate from Prime Minister François Bayrou in August 2025 requiring all civil servants to use Tchap, increasing its attractiveness as a target for cyber threats. The investigation into the breach is ongoing.

AppWizard

June 10, 2026

Tchap Breach: France’s State Messenger Compromised

On June 7, an unauthorized individual accessed a user account on the Tchap messaging platform, which is used by France's government. The Digital and Numérique Agency (DINUM) identified and blocked the compromised account, but the breach raised significant security concerns. The attacker claimed to have accessed about 14GB of documents and data from public Tchap rooms, including sensitive information such as hardcoded LDAP credentials, email addresses, meeting links, and organizational details. It was revealed that public chatrooms on Tchap do not use end-to-end encryption, making shared information accessible to anyone logged into the account. The incident has implications for the credibility of government-developed secure communication tools.