domain Archives

Winsage

May 23, 2026

Windows 11 26H1: Microsoft’s driver changes target platform, WLAN, storage, and GPU debugging

Microsoft has refreshed its driver documentation for Windows 11 version 26H1, focusing on enhancements within the driver ecosystem rather than user-centric features. The Windows Driver Kit 10.0.28000.1839, released on May 4, 2026, is designated for driver development on this version and supports Visual Studio 2026. Networking drivers have been updated to support WPA3 Compatibility Mode Security, with an upgraded WiFiCx TLV parser and the removal of outdated WDI datapath definitions. The storage driver stack now accommodates SD Ultra Capacity (SDUC) for cards exceeding 2 TB and up to 128 TB. In graphics, kernel header definitions for GPU Process Debug Blob Collection have been introduced, and static analysis integration has been intensified with updated CodeQL suites. These updates aim to prepare the driver base for future hardware demands and improve driver quality and compatibility.

Winsage

May 22, 2026

Microsoft Dismantles Fox Tempest: Ransomware Groups Paid Up to $9,500 to Fake Windows Software Signatures

Microsoft's Digital Crimes Unit has filed a lawsuit against Fox Tempest, a criminal enterprise selling fraudulently signed malware to ransomware groups, affecting hospitals, schools, and critical infrastructure in ten countries. The lawsuit was filed on May 19 in the U.S. District Court for the Southern District of New York. Fox Tempest created a portal at signspace[.]cloud, offering a user-friendly interface for uploading malicious files and generating over 580 fraudulent Microsoft accounts to bypass identity verification. The group provided pre-configured virtual machines for customers to upload malicious payloads in exchange for signed binaries. Fox Tempest's operations were linked to a ransomware attack chain involving a counterfeit Microsoft Teams installer that deployed the Rhysida ransomware. This ransomware strain has caused significant breaches, including an October 2023 attack on the British Library, which resulted in a data exfiltration of about 600GB and recovery costs of £6 to £7 million, and a September 2024 attack on Seattle-Tacoma International Airport with a ransom demand of .8 million. Microsoft's civil litigation approach allowed for a quicker legal process, leading to the seizure of the signspace[.]cloud domain and the suspension of around 1,000 Fox Tempest accounts. Despite these actions, Fox Tempest has begun shifting to alternative code-signing services, highlighting the evolving nature of cybercrime and the need for users to verify software through independent channels. The confirmed targets of Fox Tempest included organizations in the United States, France, India, China, Brazil, Germany, Japan, the United Kingdom, Italy, and Spain.

Tech Optimizer

May 22, 2026

Threat Protection Pro: all you need to know about IPVanish’s anti-malware tool

Virtual Private Networks (VPNs) have evolved into comprehensive cybersecurity solutions, offering features like ad-blockers, antivirus software, and dark web monitoring. IPVanish offers a feature called Threat Protection Pro, available with the Advanced plan, which protects against malware, ads, and trackers. It enhances online security by blocking ads and tracking scripts, quarantining suspicious downloads, and preventing access to malicious websites. All IPVanish plans include core Threat Protection, utilizing DNS filters to combat trackers and malware across various platforms. Threat Protection Pro, launched in March 2026, provides 24/7 malware and antivirus protection, even when the VPN is not active. This feature is exclusive to Advanced-tier subscribers and currently supports Windows and Mac platforms. It employs VIPRE’s antivirus engine and initiates detailed measures to identify risks at multiple levels. Users can activate Threat Protection Pro through a straightforward setup process on Windows or MacOS. IPVanish allows unlimited devices per subscription and includes DNS and IPv6 leak protection, a kill switch, and a no-logs policy. Advanced users also have access to a Secure Browser for disposable browsing.

AppWizard

May 16, 2026

Google is bringing a long-awaited dialer update to Android

Google is testing a new feature for Android that allows users to dial contacts directly from their default phone dialer app for VoIP calls through apps like WhatsApp, Telegram, or Messenger. This feature, found in the Phone by Google app settings, enables third-party applications to integrate into the call history, allowing users to make VoIP calls without switching apps. It utilizes Android's telecom framework to display VoIP calls alongside traditional cellular calls. The feature is expected to be available on devices running Android 16.1 and above.

Winsage

May 14, 2026

Microsoft pits more than 100 AI agents against each other to find Windows vulnerabilities

Microsoft has introduced MDASH (Multi-Model Agentic Scanning Harness), a security solution that uses over 100 specialized AI agents to identify software vulnerabilities. On May 12, 2026, MDASH identified 16 new vulnerabilities (CVEs) in the Windows networking and authentication stack, four of which were critical, including remote code execution vulnerabilities in tcpip.sys, ikeext.dll, netlogon.dll, and dnsapi.dll. Ten of these vulnerabilities can be accessed over the network without authentication. MDASH operates through a four-stage pipeline: analyzing source code, scrutinizing for suspicious elements, debating the exploitability of issues, and attempting to exploit vulnerabilities. The system is model-agnostic and allows integration of new models and domain-specific knowledge. MDASH scored 88.45 percent on the CyberGym benchmark, ranking first among competitors, although the comparison may not be entirely fair as it contrasts a comprehensive framework with individual models. The models used to achieve this score are not specified. MDASH is supported by Microsoft's Autonomous Code Security Team and is currently in a limited private preview for select customers.

Winsage

May 11, 2026

New GhostLock tool abuses Windows API to block file access

A security researcher has developed a proof-of-concept tool called GhostLock, which exploits a vulnerability in the Windows file API, specifically the 'CreateFileW' function. By manipulating the 'dwShareMode' parameter to grant exclusive access to files, GhostLock can prevent other users or applications from opening those files, resulting in a 'STATUSSHARINGVIOLATION' error. The tool automates the process of opening multiple files on SMB shares, causing access disruptions without requiring elevated privileges. This technique is intended as a disruption attack rather than a destructive one, similar to ransomware, and can serve as a diversion during intrusions. Detection of this attack relies on monitoring the open-file count with ShareAccess set to 0 at the file server layer. Dvash has provided resources for IT teams to enhance detection capabilities against this threat.

TrendTechie

May 11, 2026

Пираты «угнали» Forza Horizon 6 и другие игры на торренты до официального релиза

Playground Games accidentally uploaded an unencrypted 155 GB repository of their racing arcade title to Steam, leading to its appearance on torrent sites before the official launch scheduled for May 19. Additionally, Supermassive Games' interactive cinematic experience, Directive 8020, was also leaked shortly before its release. Xbox owners gained early access to LEGO Batman: Legacy Of The Dark Knight, set to officially release on May 22, due to an error during the pre-load phase that allowed players to access additional content.

Winsage

May 11, 2026

Omnissa adds Windows Server management to Workspace ONE

Omnissa has integrated Windows Server management into its Workspace ONE Unified Endpoint Management (UEM) platform, allowing organizations to manage Windows Server alongside various endpoints from a single cloud-based system. This integration aims to address challenges faced by IT teams that rely on separate tools for server management, which can increase costs and complicate operations. The inclusion of Windows Server enables IT teams to apply policies, automate tasks, and maintain visibility across devices. Hemant Sahani, Vice President of Product Management at Omnissa, noted that this approach offers cost benefits compared to traditional solutions like Microsoft System Centre Configuration Manager, enhancing security and streamlining server lifecycle management. The new support includes over-the-air configuration management, allowing enforcement of security policies and automation of patching. Administrators will have access to remote inventory data and insights into system performance and security issues, leveraging AI and machine learning. The integration allows for the consolidation of management tools, reducing the number of consoles IT staff must navigate. CDW has endorsed this launch, highlighting its potential to simplify operations and improve security for customers. Omnissa currently serves 26,000 customers globally in various domains, including unified endpoint management and security compliance.

AppWizard

May 11, 2026

New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps

Modern Android banking malware is evolving with architectural enhancements for increased stealth, resilience, and operational flexibility. In early 2026, a new variant of the TrickMo Android banking trojan was identified, actively targeting banking and wallet users in France, Italy, and Austria. This variant has replaced its predecessor in ongoing campaigns and has transitioned its command-and-control traffic to The Open Network (TON). Key features of the new TrickMo variant include: - The primary command-and-control channel now operates over TON, utilizing .adnl endpoints through an embedded local TON proxy. - It employs a runtime-loaded APK (dex.module) with enhanced functionalities, including reconnaissance, SSH tunneling, and SOCKS5 proxying, allowing infected devices to act as network pivots. - TrickMo is classified as Device Take Over (DTO) malware, targeting banking, fintech, wallet, and authenticator applications on Android devices. - Operators gain control over infected devices through accessibility-service permissions, enabling capabilities such as credential phishing, keylogging, screen recording, remote control, and SMS interception. The new variant features a modular architecture with a host APK functioning as a launcher and persistence layer, while offensive capabilities are delivered through the dynamically loaded dex.module. Significant enhancements include network reconnaissance commands (curl, dnslookup, ping, telnet, traceroute) and socket-level tunneling via an embedded SSH client. Indicators of compromise include specific SHA-256 hashes and package names associated with TrickMo dropper applications and host applications. The malware retains unused permissions for NFC capabilities, suggesting a strategic approach to device filtering.

Tech Optimizer

May 10, 2026

Query billion-scale vectors with SQL: Integrating Amazon S3 Vectors and Aurora PostgreSQL

For managing relational data within Amazon Aurora PostgreSQL and enhancing capabilities with similarity search over large embedding collections, an integration with Amazon S3 Vectors is available. This integration utilizes the pgvector extension for low-latency similarity searches on vectors stored in the database. Amazon S3 Vectors provides cost-effective storage for extensive datasets, scaling to hundreds of millions or billions of embeddings. The integration, facilitated through AWS Lambda, allows users to query S3 Vectors directly from Aurora PostgreSQL using standard SQL, enabling the combination of vector similarity results with relational filters in a single query. The integration offers benefits such as basic key-value metadata support in S3 Vectors for simple filtering, while Aurora PostgreSQL is optimal for complex SQL filters, multi-table joins, and access-control policies. The architecture separates concerns, with Lambda handling API integration and Aurora managing relational data. Security is maintained through IAM role separation and network security measures. Data consistency considerations arise due to the distribution of data across Aurora PostgreSQL and S3 Vectors, necessitating explicit synchronization processes to manage potential stale results. The integration is suitable for use cases that can tolerate eventual consistency, such as recommendations and content discovery. Performance expectations include Lambda invocation latencies of 100-500 milliseconds, while Aurora pgvector typically provides single-digit millisecond response times. S3 Vectors achieves sub-second performance for cold queries and less than 100 milliseconds for warm queries. From a cost perspective, S3 Vectors is more economical than Aurora, making it suitable for high-volume vector data that requires archiving and queryability. The integration architecture consists of three components: Aurora PostgreSQL, AWS Lambda for API translation, and S3 Vectors for executing similarity searches. A typical query involves several stages, including SQL query invocation, function processing, API translation, similarity search, and result processing. Prerequisites for this integration include familiarity with Aurora PostgreSQL, AWS Lambda, vector databases, and SQL. Required AWS resources include an Aurora PostgreSQL cluster, a VPC with internet access, and appropriate permissions for IAM roles and Lambda functions. To deploy the integration, users must gather configuration values from their Aurora cluster, deploy a CloudFormation stack, associate the IAM role, update the Lambda function code, and install the necessary PostgreSQL schema. Sample data can be uploaded to the S3 Vectors index, allowing for testing of vector operations and combined queries. When combining relational and vector queries, developers should be aware of the trade-offs involved in pre-filtering data by metadata, which can improve performance but may reduce recall. Troubleshooting may involve addressing connectivity issues, IAM role misconfigurations, and performance optimizations. To clean up resources after testing, users should remove the PostgreSQL schema, disassociate the Lambda role from the Aurora cluster, and delete the CloudFormation stack to ensure all resources are removed.