domains

Tech Optimizer
February 11, 2026
Malwarebytes has partnered with ChatGPT to enable users to verify the authenticity of suspicious communications by asking, “Malwarebytes, is this a scam?” This integration allows for rapid assessments of potentially fraudulent messages, URLs, domains, and phone numbers. The tool is accessible to ChatGPT Free, Plus, Team, and Enterprise users and aims to enhance user safety and cybersecurity awareness. Users can also submit suspicious content directly to Malwarebytes to improve threat intelligence.
Tech Optimizer
February 11, 2026
Cybersecurity researchers have identified a malware campaign that exploited Hugging Face's AI infrastructure to distribute Android banking trojans. The attackers used a deceptive app called TrustBastion, which tricked users into installing what appeared to be legitimate security software. Upon installation, the app redirected users to an encrypted endpoint that linked to Hugging Face repositories, allowing the malware to evade traditional security measures. The campaign generated new malware variants every 15 minutes, resulting in over 6,000 commits in about 29 days. It infected thousands of victims globally, particularly in regions with high smartphone banking usage but lower mobile security awareness. The operation is believed to be linked to an established cybercriminal group. Security experts warn that this incident highlights vulnerabilities in trusted platforms and calls for improved security measures, including behavioral analysis systems and verification of application authenticity. The incident has also sparked discussions about the need for enhanced security protocols for AI platforms.
Tech Optimizer
February 10, 2026
GuLoader, also known as CloudEye, is a downloader malware that has been active since late 2019, primarily used to fetch and install secondary malware like Remote Access Trojans (RATs) and information stealers. It employs legitimate cloud services such as Google Drive and Microsoft OneDrive to host its malicious payloads, allowing it to evade detection by security tools. GuLoader utilizes advanced techniques including polymorphic code, which alters its appearance to avoid static detection signatures, and exception-based control flow to confuse analysis tools. Over the years, GuLoader has refined its tactics, including the use of software breakpoints and various exception types to redirect its operations. It also employs dynamic XOR encryption to obfuscate internal data, making it difficult for analysts to extract URLs. The malware's continuous evolution poses ongoing challenges for security researchers. Indicators of Compromise (IOCs) include specific hash values for different versions of GuLoader from 2022 to 2024.
Winsage
January 30, 2026
Microsoft will disable the NTLM authentication protocol by default in the next major Windows Server release and associated Windows client versions. NTLM, introduced in 1993, has been vulnerable to various cyberattacks, including NTLM relay and pass-the-hash attacks. The transition plan includes three phases: enhanced auditing tools in Windows 11 24H2 and Windows Server 2025, new features like IAKerb and a Local Key Distribution Center in late 2026, and eventually disabling network NTLM by default in future releases. NTLM will remain in the operating system but will not be used automatically. Microsoft deprecated NTLM authentication in July 2024 and has encouraged developers to transition to Kerberos or Negotiate authentication.
Tech Optimizer
January 29, 2026
A supply chain breach has affected MicroWorld Technologies' eScan antivirus product, allowing malicious actors to use the vendor's update infrastructure to spread malware. Discovered on January 20, 2026, by Morphisec, the attack involved a trojanized update package that deployed multi-stage malware on enterprise and consumer endpoints globally. The initial compromise occurred through a malicious update replacing the legitimate Reload.exe binary, which was digitally signed with a valid eScan certificate. This led to the execution of a downloader (CONSCTLX.exe) and further malware stages that evaded defenses and disabled security features. The malware obstructs automatic updates by altering system configurations, including the hosts file and registry keys. Indicators of compromise include specific file names and SHA-256 hashes for the trojanized update and downloader. Network administrators are advised to block traffic to identified command and control domains and IPs. Affected organizations should verify their systems for signs of compromise and contact MicroWorld Technologies for a manual patch.
AppWizard
January 26, 2026
A recent poll showed that 65% of Android users block ads using the Private DNS feature, 19% use third-party apps like Blokada, 12% do not block ads at all, and 5% employ alternative solutions. The Private DNS feature allows users to specify a DNS provider for content control but may face challenges like website accessibility issues. In contrast, ad-blocking apps like Blokada use multiple blocklists and Android's VPN service for real-time filtering, offering more customization and control over ad-blocking preferences, though they may consume battery and require manual restarts on some devices. The choice between Private DNS and ad-blocking apps depends on individual user preferences and needs.
Winsage
January 19, 2026
Windows 11 Home and Windows 11 Pro share consistent performance, with both versions offering the same kernel, gaming features, and applications. Key functionalities such as Copilot, Windows Defender, Secure Boot, and TPM 2.0 protections are available on both editions, assuming hardware requirements are met. Windows 11 Home is simpler for most consumers, performing updates seamlessly and allowing free upgrades from eligible Windows 10 devices. Windows 11 Pro offers enhanced control capabilities through the Group Policy Editor, allowing for update deferrals and more extensive system management. Pro includes BitLocker device encryption, centralized management features, and the ability to join domains and integrate with Azure Active Directory. It also supports virtualization features like Hyper-V and Windows Sandbox, which are not available in Home. Pro can serve as a host for remote desktop connections, while Home can only connect to remote PCs. In terms of hardware limits, Windows 11 Home supports up to 128GB of RAM and one CPU socket, while Pro supports up to 2TB of RAM and two CPU sockets. The retail prices are approximately 9 for Home and 9.99 for Pro, with upgrade options available. For general users, Windows 11 Home is recommended, but Pro is advisable for those needing remote desktop hosting, BitLocker management, update deferrals, or virtualization capabilities.
Winsage
January 19, 2026
Upgrading from Windows 11 Home to Pro does not significantly change the day-to-day experience, as both editions share a similar interface, performance, and core features like Copilot, File Explorer tabs, and enhanced Game Mode. Security features, including Secure Boot and Windows Defender, are consistent across both editions. The Pro edition offers additional administrative tools for enhanced security, remote access, and device management, making it suitable for users managing multiple PCs or needing corporate resource access. Key features of Pro include the ability to join Active Directory domains, centralized control over settings, full BitLocker capabilities, Remote Desktop hosting, and virtualization tools like Hyper-V and Windows Sandbox. Pro also supports higher hardware limits, accommodating up to 2TB of RAM and multiple CPU sockets. The pricing for Windows 11 Home is typically 9.99, while Pro is 9.99, with an upgrade fee of .99 from Home to Pro. Upgrading from eligible Windows 10 devices does not incur additional costs. Users who should consider upgrading to Pro include those managing multiple PCs, requiring Remote Desktop, or needing to comply with encryption policies. In contrast, gamers or casual users may find Home sufficient, as both editions provide the same gaming capabilities and interface without performance differences.
AppWizard
December 30, 2025
Google has introduced the Sensitive App Protection feature in Android Automotive, allowing users to lock individual applications with a PIN to prevent unauthorized access to sensitive information in shared vehicles. This feature aims to enhance privacy amidst the rise of ride-sharing and car-sharing services, addressing concerns about unauthorized app usage by valets and other users. Sensitive App Protection is applicable to family cars and rental vehicles, ensuring that protected apps remain inaccessible without the PIN, even in restricted modes. The feature is designed to improve user privacy in connected cars, coinciding with increasing regulatory scrutiny regarding data handling. User adoption will depend on awareness and ease of use, with early feedback being generally positive. Critics note that while PIN-locking is beneficial, it does not fully address vulnerabilities related to data transmission over unsecured networks. Google plans to transition to the Gemini AI platform, which may enhance security features further. Regulatory bodies are monitoring these developments closely, and ethical considerations regarding access to privacy features for different user demographics are being discussed.