domains Archives

Winsage

June 2, 2026

PHANTOMPULSE RAT Uses UAC Bypass to Hijack Windows Systems

PHANTOMPULSE is a remote access trojan (RAT) used as a final payload in multi-stage attacks targeting Windows environments. It employs advanced post-exploitation techniques, including process injection, User Account Control (UAC) bypass, and a decentralized blockchain-based command-and-control (C2) mechanism. The malware utilizes three process injection techniques: module stomping, manual DLL mapping, and debug-driven execution. It avoids detection by using direct system calls instead of standard Windows APIs and incorporates a hardware breakpoint mechanism to disable security protections like AMSI and ETW. PHANTOMPULSE retrieves its C2 server address from Ethereum-based transaction data but has a vulnerability that allows defenders to hijack communication. It achieves persistence through scheduled tasks and supports self-healing capabilities. Privilege escalation is done using the "schuac" UAC bypass technique. The malware conducts system reconnaissance focusing on cryptocurrency wallets and messaging apps but does not directly steal credentials. It shows signs of AI-assisted development and shares tactics with DPRK-aligned threat groups, particularly in targeting cryptocurrency platforms.

Winsage

June 1, 2026

Introducing a powerful new chapter for Windows PCs, accelerated by NVIDIA RTX Spark

At NVIDIA's GTC event, Microsoft and NVIDIA announced a collaboration to launch powerful thin-and-light Windows PCs enhanced by NVIDIA RTX Spark technology, aimed at developers, creators, and power users for AI applications. The new PCs feature RTX Spark with 1 petaflop of AI performance, up to 6144 Blackwell RTX cores, 20 power-efficient Arm architecture cores, and up to 128GB of unified memory. Microsoft implemented workload profile scheduling (WPS) to optimize task distribution across cores and introduced the Microsoft Power and Thermal Framework (MPTF) for improved power efficiency. The Prism emulator has been optimized for these PCs, ensuring smooth operation of x86 applications. Microsoft is also enhancing Windows 11's performance and reliability, with a focus on securely building and running AI agents. A range of RTX Spark-powered devices will be available from manufacturers like Microsoft Surface, ASUS, Dell, HP, Lenovo, and MSI starting this Fall. The Surface Laptop Ultra is specifically designed for creators, while other models from ASUS, Dell, HP, Lenovo, and MSI also emphasize AI performance. Additionally, Microsoft and NVIDIA are scaling Windows to NVIDIA DGX Station, which will feature the NVIDIA GB300 Grace Blackwell Ultra Desktop Superchip for advanced AI workloads.

Tech Optimizer

May 27, 2026

NordVPN’s New App Acts as an All-in-One Digital Privacy and Security Hub

A virtual private network (VPN) does not protect against fraudulent banking links or harmful files. NordVPN has enhanced its VPN application by integrating antivirus features, evolving into a comprehensive digital privacy and security service. The revamped app is based on three pillars: Connect, Protect, and Monitor, offering tools such as VPN services, scam and phishing protection, and Dark Web Monitor. NordVPN's approach aims to intercept threats early, focusing on deception tactics used in modern scams. The company's next-generation antivirus system uses a dual-layer detection strategy, evaluating URLs in real-time and scanning files for malware. In April, NordVPN blocked 4.8 million threat events, including malware and phishing attempts. The company emphasizes minimal data collection for threat decisions and offers three subscription tiers: Basic, Complete, and Prime, each with a 30-day money-back guarantee. Users are reminded that no app can fully protect against cybersecurity threats, and best practices like strong passwords and multifactor authentication are essential.

AppWizard

May 20, 2026

Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps

Cybersecurity researchers have identified an ad fraud and malvertising operation called Trapdoor, targeting Android users with 455 malicious applications and 183 command-and-control domains. Users often download these disguised apps, which initiate malvertising campaigns and lead to further downloads of malicious applications. At its peak, Trapdoor generated 659 million bid requests daily, with over 24 million downloads of the associated apps, primarily from the United States. The operation exploits install attribution tools to activate malicious activities only for users acquired through fraudulent ad campaigns, while suppressing such behavior for organic downloads. Trapdoor employs advanced evasion techniques, including obfuscation and impersonation of legitimate software, to avoid detection. Google has removed the identified malicious apps from the Play Store in response to the threat.

Winsage

May 19, 2026

Microsoft plans to improve Windows 11 driver quality in 2026

Microsoft is launching the Driver Quality Initiative (DQI) to improve the quality of Windows 11 drivers, which are crucial for the operating system's performance. The initiative includes four pillars: encouraging the use of safer user-mode drivers, implementing rigorous partner verification processes, enhancing the Windows Update catalog, and focusing on stability and performance. Microsoft plans to collaborate with partners like AMD and Intel to achieve these goals. AMD's Director of Software Engineering emphasized that driver quality is a shared commitment. Additionally, Microsoft aims to enhance Windows 11 by reintroducing features like a movable taskbar and improving performance for lower memory devices, with gradual improvements expected in the coming months.

Tech Optimizer

May 15, 2026

From commit to cloud: Powering what’s next for PostgreSQL

PostgreSQL is widely used across various industries, supported by Microsoft through significant investments, including 345 commits to the latest release and a dedicated team of contributors. It is recognized for its ability to handle complex production challenges, such as transactional integrity and concurrency management. Microsoft operates PostgreSQL globally, informing upstream contributions based on real-world deployment experiences. The database is increasingly integrated into AI applications, with Azure Database for PostgreSQL and Azure HorizonDB focusing on AI functionalities. Microsoft offers multiple deployment models to accommodate different workload needs, including Azure Database for PostgreSQL for open-source workloads and Azure HorizonDB for cloud-native systems. Recent contributions from Microsoft include enhancements in asynchronous I/O, vacuum behavior, and query planning. Azure HorizonDB is designed for high-throughput, low-latency systems requiring horizontal scaling. Microsoft also invests in developer tools, such as a Visual Studio Code extension for PostgreSQL, and sponsors PostgreSQL conferences and user groups globally.

AppWizard

May 12, 2026

TrickMo Android Malware Targets Banking, Wallet, and Authenticator Apps

TrickMo, an Android banking malware, has re-emerged with enhanced stealth and operational capabilities, targeting banking, fintech, wallet, and authenticator apps. It retains its core device takeover abilities while improving stealth, persistence, and flexibility. The malware persuades users to grant accessibility permissions, allowing full remote control, including real-time screen viewing. A significant advancement is its shift to The Open Network (TON) for command-and-control communication, complicating takedown efforts. TrickMo has been actively deployed in France, Italy, and Austria since early 2026, using fake login overlays to capture credentials while recording user activity. It communicates through .adnl endpoints within the TON network and employs DNS-over-HTTPS for encrypted DNS queries. The malware's modular design includes a primary application as a loader and a dynamically loaded APK module called “dex.module” for malicious capabilities. It features network reconnaissance and tunneling capabilities, allowing commands like HTTP probing and establishing SSH tunnels, which can bypass fraud detection systems. Dormant features suggest potential for future capabilities without altering the core application. Indicators of compromise include specific SHA-256 hashes and package names associated with TrickMo's various components.

Winsage

May 11, 2026

Omnissa adds Windows Server management to Workspace ONE

Omnissa has integrated Windows Server management into its Workspace ONE Unified Endpoint Management (UEM) platform, allowing organizations to manage Windows Server alongside various endpoints from a single cloud-based system. This integration aims to address challenges faced by IT teams that rely on separate tools for server management, which can increase costs and complicate operations. The inclusion of Windows Server enables IT teams to apply policies, automate tasks, and maintain visibility across devices. Hemant Sahani, Vice President of Product Management at Omnissa, noted that this approach offers cost benefits compared to traditional solutions like Microsoft System Centre Configuration Manager, enhancing security and streamlining server lifecycle management. The new support includes over-the-air configuration management, allowing enforcement of security policies and automation of patching. Administrators will have access to remote inventory data and insights into system performance and security issues, leveraging AI and machine learning. The integration allows for the consolidation of management tools, reducing the number of consoles IT staff must navigate. CDW has endorsed this launch, highlighting its potential to simplify operations and improve security for customers. Omnissa currently serves 26,000 customers globally in various domains, including unified endpoint management and security compliance.

Winsage

May 11, 2026

Rustinel: Open-source endpoint detection for Windows and Linux

Open-source endpoint detection tools have typically been divided between Windows and Linux, with Windows solutions focused on Sysmon and Linux solutions on eBPF or auditd. Rustinel is a Rust-based endpoint agent that consolidates these efforts by gathering telemetry from both operating systems using ETW on Windows and eBPF on Linux, normalizing the data into a unified model. It evaluates the information against Sigma rules, YARA signatures, and atomic indicators of compromise, storing alerts in ECS-compatible NDJSON format for integration with SIEM or log-analysis platforms. Rustinel supports a range of events on Windows, including process creation, network activity, and PowerShell executions, while Linux support currently includes process, network, file, and DNS telemetry. It operates in user mode on both platforms, requiring specific conditions for installation. Unlike commercial EDR solutions that use kernel drivers, Rustinel's user-mode design prioritizes simplicity and stability, although it acknowledges limitations in tamper resistance and visibility. The agent utilizes three detection engines: Sigma for behavioral matching, YARA for scanning executables, and an IOC engine for deterministic checks. While it leverages existing content familiar to defenders, it has coverage gaps for certain advanced threats. Rustinel is available on GitHub under the Apache 2.0 license.

Tech Optimizer

May 9, 2026

Avast Free Antivirus: The Go-To Software for Millions of Users

Avast’s free antivirus software is popular among Windows users, known for its user familiarity, robust features, and solid reputation. Key features include real-time malware detection, Smart Scan for multiple checks, a web shield for online safety, behavior-based detection for suspicious activity, and a Wi-Fi Inspector for network vulnerabilities. The software offers reliable malware detection, a user-friendly interface, and advanced tools like ransomware protection and network scanning, but it has downsides such as frequent prompts for premium upgrades and potential performance dips during scans. Avast employs a dual protection approach with signature-based detection and behavioral analysis, checking files immediately upon access and quarantining suspicious ones. It includes web protection to block malicious domains and an Email Shield for harmful attachments. The software receives frequent updates to maintain effectiveness against new threats, leveraging a vast threat intelligence network for rapid response to emerging malware. The free version is suitable for basic tasks like browsing and email management, but users needing advanced features may consider upgrading. Installation should be done from the official website to avoid unwanted software, and an initial scan is conducted post-installation. Avast's longevity is attributed to user habit and trust, consistently performing well in independent tests. When compared to other free antivirus programs, Avast offers a more extensive range of features than some competitors, though it may be more complex. Users can optimize settings for better protection by enabling core shields, adjusting scan strategies, and managing privacy settings. Regular updates are crucial for maintaining effective protection.