domains Archives

Winsage

March 2, 2026

Fake Xeno and Roblox Utilities Used to Install Windows RAT, Microsoft Warns

Cybersecurity experts at Microsoft Threat Intelligence have identified a trend where attackers distribute counterfeit gaming tools that install a remote access trojan (RAT) on users' systems. These trojanized executables, such as Xeno.exe or RobloxPlayerBeta.exe, are shared through browsers and chat platforms. The initial executable acts as a downloader, installing a portable Java runtime environment and launching a harmful Java archive, jd-gui.jar. Attackers use built-in Windows tools to execute commands via PowerShell and exploit trusted system binaries, minimizing detection risk. The embedded PowerShell script connects to remote locations, downloads an executable as update.exe, and executes it. The malware erases evidence of the downloader and modifies Microsoft Defender settings to allow RAT components to function undetected. It establishes persistence through scheduled tasks and a startup script named world.vbs, enabling prolonged access to the compromised device. Microsoft Defender can detect the malware and its behaviors, and organizations are advised to monitor outbound traffic and block identified domains and IP addresses. Users are encouraged to scrutinize Microsoft Defender exclusions and scheduled tasks for irregularities and remain cautious about downloading tools from unofficial sources.

Winsage

March 1, 2026

Hackers Abuse Windows File Explorer and WebDAV for Stealthy Malware Delivery

Cybercriminals are exploiting a legacy feature in Windows File Explorer, specifically the WebDAV protocol, to distribute malware and bypass traditional security measures. Despite Microsoft deprecating native WebDAV support in November 2023, it remains active on many systems. Attackers use WebDAV to deceive victims into executing malicious payloads by sending links that connect File Explorer directly to remote servers, avoiding web browsers and their security warnings. They employ methods such as direct linking, URL shortcut files, and LNK shortcut files to deliver exploits. The primary objective of these campaigns, which surged in late 2024, is to deploy Remote Access Trojans (RATs), with 87% of Active Threat Reports involving multiple RATs like XWorm RAT, Async RAT, and DcRAT. These campaigns predominantly target corporate networks in Europe, with many phishing emails written in German and English. Attackers use short-lived WebDAV servers hosted on Cloudflare Tunnel demo accounts to obscure their infrastructure. Security analysts are advised to monitor unusual network activity from Windows Explorer and educate users to verify addresses in File Explorer.

Tech Optimizer

February 24, 2026

Fake Zoom meeting “update” silently installs surveillance software

A deceptive website, uswebzoomus[.]com/zoom/, poses as a Zoom meeting platform and installs surveillance software on Windows devices without user consent. The software is a covert version of Teramind, a commercial monitoring tool. The site creates a fake Zoom waiting room experience, complete with scripted participants and background audio, to trick users into downloading a malicious file named zoomagentx64s-i(_941afee582cc71135202939296679e229dd7cced) (1).msi. This file is preconfigured to connect to an attacker-controlled Teramind server and operates in stealth mode, leaving minimal traces on the device. The installation process collects information about the device and is designed to evade detection by security tools. If users suspect they have been affected, they are advised not to open the downloaded file, check for its installation, and change passwords from a clean device.

Winsage

February 20, 2026

Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets

Attackers are using social media advertising, specifically paid Facebook ads, to promote a malware campaign disguised as legitimate Microsoft promotions. They create near-exact replicas of the official Windows 11 download page to lure users into downloading malicious software. The deceptive domains used include ms-25h2-download[.]pro and ms-25h2-update[.]pro. The malware campaign employs geofencing to selectively target victims, redirecting security researchers to benign sites while delivering malware to unsuspecting users. The malicious file, named ms-update32.exe, is hosted on GitHub and mimics the size of a legitimate Windows installer. Once executed, it checks for monitoring tools and, if none are detected, installs an application named "Lunar" that collects sensitive data, including cryptocurrency wallet information. The malware maintains persistence by writing data to the Windows registry and employs various obfuscation techniques to evade detection. The attackers run parallel ad campaigns with different Facebook Pixel IDs to ensure continued operation even if one is suspended. Indicators of compromise include specific file hashes, domains, file system artifacts, and registry keys associated with the malware.

TrendTechie

February 18, 2026

В Болгарии закрыли популярные торрент-сайты

Bulgaria recently conducted a crackdown on torrent sites violating national and international laws, part of a broader international effort against online piracy. Three major torrent sites—ArenaBG, Zamunda, and Zelka—had their domains confiscated, and four individuals were detained. The operation involved collaboration among Europol, Bulgaria's General Directorate for Combating Organized Crime, the State Agency for National Security, and U.S. Department of Homeland Security and Justice. The crackdown was prompted by the illegal distribution of copyrighted materials, including films and software. Searches and seizures occurred at 30 locations, coordinated with the Bulgarian prosecutor's office. Authorities are currently assessing evidence to determine potential criminal charges related to the distribution of pirated content.

TrendTechie

February 14, 2026

Anna’s Archive начала выкладывать записи Spotify

The administrators of Anna’s Archive have released 6.4 terabytes of music, allegedly sourced from Spotify, despite facing legal challenges. The release includes over 2.8 million audio files distributed across 47 torrents. A Reddit user confirmed that the hash of some downloaded files matches the published metadata. The torrents contain music files with embedded media information and metadata, primarily featuring lesser-known tracks tagged as “pop_0.” This release is part of a claimed total of 300 terabytes of data encompassing 86 million listens on Spotify. Spotify has blocked unauthorized accounts involved in illegal data collection and filed a trillion-dollar lawsuit against the library's operators. The shadow library has temporarily removed its section for downloading Spotify content. Storing the entire music archive would require at least 50 hard drives, each costing around 0.

Winsage

February 13, 2026

Microsoft Edge and Interop 2026

Microsoft Edge is actively participating in the Interop project, now in its sixth year, collaborating with companies like Mozilla, Igalia, Google, and Apple to improve web interoperability. For Interop 2026, focus areas include expanding the CSS attr() function, enhancing color tooling, enabling container style queries, allowing custom highlights, improving the interoperability of dialog elements, enhancing the fetch() API, boosting IndexedDB performance, integrating WebAssembly with JavaScript promises, implementing media pseudo-classes, enhancing the Navigation API, allowing multiple custom element registries, creating scroll-driven animations, improving CSS scroll snapping behavior, adding support for the shape() CSS function, enhancing View Transitions, addressing web compatibility issues, improving WebRTC interoperability, and advancing the WebTransport API. Additionally, investigation efforts will focus on accessibility testing, developing a JPEG XL test suite, enhancing mobile testing infrastructure, and refining the WebVTT specification. A Top Developer Needs dashboard has been launched to monitor ongoing interoperability challenges. The previous Interop 2025 project achieved significant milestones, including reliable CSS anchor positioning, smoother view transitions, simplified Navigation API implementation, alignment on Core Web Vitals, streamlined JSON module scripts, and accessible disclosure widgets. All participating browsers in Interop 2025 scored at least 98%.

TrendTechie

February 12, 2026

США конфисковали домены трех крупнейших торрент-трекеров ЕС

U.S. law enforcement, in collaboration with Bulgarian authorities, has seized the domains zamunda.net, arenabg.com, and zelka.org due to copyright infringement related to pirated content. This operation was authorized by a U.S. District Court ruling and coordinated by the U.S. Department of Homeland Security, Europol, and Bulgarian officials. The domains, which were managed by U.S.-based registrars, have been redirected to U.S. control, displaying an official seizure notice. A significant portion of the content on these sites is owned by American companies, allowing U.S. jurisdiction. Bulgaria has been working to combat piracy since at least 2020 and was recently placed back on the U.S. Trade Representative's "Special 301 Report" list for insufficient progress. The servers hosting the trackers may be located outside Bulgaria, complicating their seizure. This operation highlights the risks faced by piracy platforms linked to international domains.

AppWizard

February 11, 2026

The old Little Nightmares team is back with Reanimal, but it isn’t the game I wanted

Reanimal is a visually stunning game with a two-player co-op experience that feels cumbersome and punishing. The game features vibrant aesthetics and intriguing boss designs but suffers from narrative confusion. Players embark on a journey to rescue a sibling from an island, navigating through various chapters that include sewers, a train graveyard, a surreal forest, and a city. The game’s tone is bleak, often evoking sorrow rather than fear, and the gameplay includes straightforward puzzles and inconsistent mechanics. While it attempts to create a sense of scale, the abundance of weapons diminishes the sense of danger. Despite its artistic qualities, Reanimal struggles with narrative clarity compared to Tarsier's previous title, Little Nightmares.

Tech Optimizer

February 11, 2026

Percona Expands Enterprise Database Stack With PostgreSQL Encryption And Valkey – Open Source For You

Percona has strengthened its position in the open source database market by introducing several key innovations, including the first fully open source implementation of Transparent Data Encryption (TDE) for PostgreSQL, 24/7 enterprise support for Valkey, and expanded Kubernetes Operators for MySQL, MongoDB, and PostgreSQL. The company has seen increased adoption from organizations moving away from proprietary licensing, with successful migrations such as BBVA transitioning to Percona's open source MongoDB stack. Percona has also engaged with the community through the release of the State of Open Source Database Management Report and hosting MySQL summits, while receiving recognition in various industry awards. The leadership team has expanded under CEO Peter Farkas, emphasizing the value of an open source-first approach.