domain Archives

Winsage

May 6, 2026

The Microsoft/OpenAI breakup: What does it actually mean for Copilot and other AI apps on your Windows 11 PC?

Microsoft's partnership with OpenAI has shifted from an exclusive agreement to a non-exclusive one, allowing OpenAI to offer its products on various cloud platforms while Microsoft remains its primary cloud partner. Microsoft is facing potential challenges, including its worst quarterly performance since 2008 and internal sales cuts due to low interest in its AI offerings. Despite this, CEO Satya Nadella reported that Microsoft 365 Copilot has reached 20 million paid enterprise seats, with user engagement increasing. However, there are concerns about the willingness of Microsoft 365 and Office 365 users to pay for Copilot. The non-exclusive agreement may weaken Microsoft's competitive edge, as OpenAI can now license its models to competitors. Microsoft is developing its own in-house AI models and has made leadership changes within its Copilot division to secure its position in the AI market. The future of Copilot in Windows 11 remains uncertain, but Microsoft continues to innovate with AI features across its platforms.

Winsage

May 5, 2026

April 2026 Windows Update Breaks Third-Party Backup Software by Blocking Vulnerable Driver

Microsoft will include the psmounterex.sys driver in its Vulnerable Driver Blocklist in the April 2026 security update, affecting third-party backup applications that use this driver for image mounting and Volume Shadow Copy Service (VSS) snapshots. This decision addresses CVE-2023-43896, a critical buffer overflow vulnerability. Affected software includes Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server, and NinjaOne Backup on Windows 11, Windows 10, and Windows Server platforms. Users may face issues during image-mount operations, receiving error messages related to VSS timeouts and Code Integrity errors in the Event Viewer. To check if a system is affected, users can look for Event ID 3077 in the Code Integrity Operational log. Microsoft recommends upgrading to newer versions of backup applications that do not use blocked drivers and advises against uninstalling or delaying the April update. Additionally, the update may cause certain Windows Server 2025 devices to boot into BitLocker recovery mode and has led to out-of-band updates for Windows Server update failures and restart loops on domain controllers.

AppWizard

May 3, 2026

Telegram Mini Apps abused for crypto scams, Android malware delivery

Cybersecurity researchers have identified a fraud operation named FEMITBOT that exploits Telegram’s Mini App feature to conduct various crypto scams, impersonate reputable brands, and distribute Android malware. This operation uses a unique string in API responses and employs Telegram bots with embedded Mini Apps to create convincing app-like experiences. The scams include fraudulent cryptocurrency platforms and financial services, with impersonation of brands like Apple, Coca-Cola, Disney, eBay, IBM, Moon Pay, NVIDIA, and YouKu. The operation utilizes a shared backend infrastructure, allowing multiple phishing domains to use the same API response. Users interacting with the bots are shown phishing pages within Telegram’s WebView, often featuring fake balances and urgency tactics to prompt deposits or referrals. Additionally, some Mini Apps attempt to distribute malware disguised as legitimate Android APKs. Users are advised to be cautious when engaging with Telegram bots related to cryptocurrency investments and to avoid sideloading APK files.

AppWizard

April 29, 2026

New Android spyware Morpheus linked to Italian surveillance firm

Morpheus is a new spyware identified by the nonprofit organization Osservatorio Nessuno, which spreads through counterfeit Android applications that appear as legitimate updates. Attackers use SMS messages to direct victims to a fraudulent website mimicking an Internet Service Provider (ISP). The spyware installs a dropper app that deploys a concealed payload, which disguises itself as legitimate system components and manipulates users into granting dangerous permissions, including Accessibility access. Once granted, Morpheus initiates a Permission Workflow that creates a fake update overlay, disabling the touchscreen to prevent user interaction. It ensures persistence by restarting after device reboots and can request device administrator privileges. The spyware exploits overlay windows and Accessibility features to gain control of the device and bypass security measures, including disabling antivirus solutions without requiring root access. Analysis suggests Morpheus has Italian origins, with connections to an Italian firm, IPS Intelligence, known for lawful interception technologies. The spyware is capable of invasive actions such as recording audio and video, linking to WhatsApp, and compromising device security. The report highlights a network of dubious companies and shared contacts linked to the spyware's distribution.

AppWizard

April 28, 2026

These 3 Android Apps Can Block Ads On Your Phone

Users are increasingly seeking effective solutions to enhance their browsing experience in digital advertising, with some opting for methods beyond traditional ad-blockers, such as configuring a private DNS server to filter ads at the system level. This method can face challenges, including certain applications circumventing settings and networks blocking custom DNS configurations, which may lead to connectivity issues. DNS-based ad-blocking can disrupt app functionality or create voids where ads would typically appear. NextDNS offers customizable blocklists for ad-blocking and functions as a customizable endpoint, requiring users to set it up through Android's native DNS settings. It provides a dashboard with parental controls, tracking protection, and analytics tools, free for up to 300,000 queries per month. AdLock focuses on system-wide ad-blocking across various platforms and requires users to download the APK and subscribe for use on multiple devices, starting at .05 per month. It does not allow ads to be displayed and includes a safety check feature for potential threats. Total AdBlock, developed by Total Security Limited, offers free and premium versions, with the premium version providing full functionality, including ad-blocking on YouTube. It has a high effectiveness score on the AdBlock Tester tool and includes features like content blocking and direct support access. The curated list of ad blockers targets options that do not require root access and are cost-effective, designed to operate at the device level for Android users, as the default Chrome browser does not support extensions. Trustworthiness and reputation were key factors in the selection process, focusing on maintaining a clean browsing experience without invasive tracking mechanisms.

AppWizard

April 26, 2026

Zenless Zone Zero coming to Steam later this year

Zenless Zone Zero is set to be released on PC in the second quarter of 2026, with a Steam page now available for pre-release tests and a goal of reaching 300,000 wishlists for a milestone event. The game received a mixed review score of 55% from Kerry Brunskill, who described it as a "shallow, polished front for a relentless online store." Developer MiHoYo, known for successful titles like Genshin Impact and Honkai: Star Rail, previously achieved 50 million downloads of Zenless Zone Zero within a week of its initial launch. There were speculations about a 40% chance of HoYoverse games coming to Steam due to concerns over revenue cuts, but the games have a strong following that may allow them to succeed without Steam. The Epic Games Store has faced criticism, and the release of Zenless Zone Zero may test its appeal compared to other storefronts.

Tech Optimizer

April 26, 2026

CanisterSprawl: pgserve Compromised on npm: Malicious Versions Harvest Credentials and Exfiltrate to a Decentralized ICP Canister

On April 21, 2026, compromised versions of pgserve (1.1.11, 1.1.12, and 1.1.13) were published on npm, containing a 1,143-line credential-harvesting script that executes during the postinstall phase of npm install. The malware functions as a supply-chain worm, reinjecting itself into other packages if it finds an npm publish token. Stolen credentials are encrypted using RSA-4096 and AES-256 and exfiltrated to a decentralized Internet Computer Protocol (ICP) canister. The last legitimate release was v1.1.10, published on April 17, 2026. The malware was detected by StepSecurity AI Package Analyst and Harden Runner, which flagged the compromised versions as Critical / Rejected and confirmed live exfiltration during analysis. The injected script performs operations such as harvesting environment variables, collecting filesystem secrets, encrypting payloads, and propagating to other npm packages and Python packages if a PyPI token is detected. The exfiltration domains have been added to a global block list.

Tech Optimizer

April 24, 2026

Fileless Malware and Email Authentication Gaps

Fileless malware operates stealthily within networks, utilizing legitimate system tools like PowerShell and Windows Management Instrumentation (WMI) to execute malicious code in memory without leaving traces on disk. Traditional antivirus solutions struggle to detect these threats due to their reliance on file signatures. The primary vector for fileless malware is email, where attackers use spoofed messages to trick users into activating malicious scripts. Misconfigurations in Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) records create vulnerabilities that attackers exploit to deliver spoofed emails. Traditional endpoint protection mechanisms are inadequate against fileless attacks, necessitating a shift towards behavioral analysis for detection. Organizations must assess their preparedness by ensuring proper email authentication configurations and enhancing endpoint security capabilities. Integration among security teams and updated employee security awareness programs are also essential. Sendmarc helps organizations mitigate vulnerabilities by providing visibility into SPF, DKIM, and DMARC configurations and enforcing DMARC to block unauthenticated messages.

AppWizard

April 23, 2026

The 7th Guest Remake launches in June, bringing back one of the earliest PC CD-ROM games

PC CD-ROM drives led to the development of notable games like Myst, Star Wars: Rebel Assault, and The 7th Guest. Nintendo secured rights for The 7th Guest for a planned SNES CD add-on, which was never released. In 2023, The 7th Guest was re-released on the Nintendo eShop after three decades. Vertigo Games is remaking The 7th Guest, featuring reimagined puzzles and environments, with a scheduled launch on June 4th, priced at .99, available on PS5, Xbox Series, and PC, with a Nintendo Switch version expected later. Owners of The 7th Guest VR on Steam or PlayStation will access the remake for free, and those who purchase the remake on Steam or PS5 will receive The 7th Guest VR for free on Steam VR or PlayStation VR2.

Tech Optimizer

April 23, 2026

Everywhen issues six checks to spot unsafe websites

Everywhen has released guidelines to help organizations identify unsafe websites and combat online fraud. The guidance includes six checks users can perform before visiting unfamiliar sites: 1. Utilize website safety checker tools like Google Safe Browsing and Norton Safe Web. 2. Verify the site contains standard business information, such as contact details and social media links. 3. Conduct reputation checks by reviewing public feedback for complaints related to fraud or poor service. 4. Evaluate visual and editorial standards for indicators of illegitimacy, such as poor grammar or outdated branding. 5. Maintain updated antivirus software to block malicious downloads and phishing attempts. 6. Adjust browser settings to receive alerts about suspicious websites. The guidance highlights the importance of scrutinizing URLs for unusual spellings or characters and distinguishes between HTTP and HTTPS, noting that the padlock symbol does not guarantee trustworthiness. The initiative aims to protect both consumers and organizations from cyber threats, particularly as fake websites increasingly target personal information and financial transactions.