engineering Archives

Tech Optimizer

April 13, 2026

Fake Claude site installs malware that gives attackers access to your computer

Claude, an AI tool developed by Anthropic, receives nearly 290 million web visits monthly and has become a target for cybercriminals. A fake website has been found that impersonates Claude, distributing a trojanized installer named Claude-Pro-windows-x64.zip. This installer, while appearing legitimate, deploys PlugX malware, granting attackers remote access to users' systems. The fraudulent site mimics the official download page and uses passive DNS records linked to commercial bulk-email platforms, indicating active maintenance by the operators. The ZIP file contains an MSI installer that incorrectly spells "Claude" as "Cluade" and creates a desktop shortcut that launches a VBScript dropper. This script runs the legitimate claude.exe while executing malicious activities in the background, including copying files to the Windows Startup folder to ensure persistence after reboot. The attack utilizes a DLL sideloading technique recognized by MITRE as T1574.002, where a legitimate G DATA antivirus updater is exploited with a malicious DLL. Within 22 seconds of execution, the malware establishes a connection to an IP address associated with Alibaba Cloud, indicating control over the compromised system. The dropper script also employs anti-forensic measures to delete itself and the VBScript after deployment. Indicators of compromise include the filenames Claude-Pro-windows-x64.zip, NOVUpdate.exe, avk.dll, and NOVUpdate.exe.dat, along with the network indicator 8.217.190.58:443 (TCP) as the command and control destination. Users are advised to download Claude only from the official site and to remain vigilant against potential compromises.

Winsage

April 13, 2026

The engineer who built Windows Task Manager in the 90s says its 80KB footprint was a feature not an accident

David Plummer, a veteran Microsoft engineer, created the original Windows Task Manager (Taskmgr.exe) in the 1990s, which had a file size of only 80KB. This small size was crucial for its functionality during system freezes. Plummer used a mutex to check if another instance of the program was running, allowing for efficient operation without complex process lists or loops. His recent reflections in early 2026 have sparked discussions about the evolution of software, particularly criticizing Windows 11 for straying from its foundational purpose and emphasizing resource efficiency. The 1990s hardware constraints forced developers to innovate, contrasting with today's environment where abundant resources allow for less efficient applications. Plummer's mutex technique is now seen as a benchmark in application design, highlighting a generational shift in development practices. The discourse around his 80KB Task Manager raises questions about the future of software procurement and the importance of memory footprint in purchasing decisions.

AppWizard

April 12, 2026

Hytale Hires the Creators of Minecraft’s Create Mod

Hypixel Studios has integrated the creators of the Create mod into its core design team for Hytale. Studio lead Simon Collins-Laflamme confirmed this, indicating that their focus is on enhancing the game's core systems, which may lead to automation features in the future. The Create team stated they will continue to support the Create mod for Minecraft, but it will not be ported to Hytale. The inclusion of the Create team suggests a commitment to expanding Hytale's mechanical complexity, although animated mechanical systems are not expected in the immediate future. Community response to this development has been positive.

Tech Optimizer

April 11, 2026

Overcoming barriers to database modernisation in the AI age

Enterprises in Malaysia are transitioning from legacy systems to modern infrastructure to facilitate AI deployment. A roundtable discussion highlighted the challenges of AI integration, emphasizing the need to reduce costs associated with outdated systems. Organizations are adopting hybrid cloud approaches and utilizing various databases to manage extensive data across multiple applications. The push for AI is driven by management and customer expectations, but employee willingness to upskill remains a challenge. Not all challenges require AI solutions, and starting with smaller use cases can lead to successful scaling. The adoption of open-source database systems like Postgres is increasing, necessitating reliable support to address issues and ensure application availability. Data sovereignty is a concern for enterprises operating in mixed environments, and EDB Postgres AI offers a platform that combines security with cloud agility. Reducing infrastructure costs is essential for freeing up resources for new initiatives.

Tech Optimizer

April 11, 2026

Google Cloud Highlights Ongoing Work on PostgreSQL Core Capabilities

Google Cloud has made technical contributions to PostgreSQL, focusing on advancements in logical replication, upgrade processes, and system stability. Key developments include the evolution of logical replication towards active-active configurations with automatic conflict detection to identify row-level conflicts during replication. This progress has sparked discussions about consistency models in database systems. Enhancements have also expanded logical replication to include sequences, reducing manual synchronization needs. Improvements to pg_upgrade have streamlined large object management and reduced upgrade times, while ensuring WAL data retention and schema constraint preservation. Bug fixes have addressed issues with index pages, extension loading, and WAL flush logic. Future features under development include a structured conflict log for replication and enhancements to parallel data export in pg_dump.

Winsage

April 9, 2026

BlueHammer: Windows zero-day exploit leaked

A proof-of-concept (PoC) exploit called BlueHammer has been released on GitHub, targeting an unpatched local privilege escalation vulnerability in Windows. The exploit, attributed to users Chaotic Eclipse and Nightmare Eclipse, has been modified by security researchers to work on updated versions of Windows 10, 11, and Windows Server. The exploit manipulates Microsoft Defender to create a Volume Shadow Copy, allowing access to sensitive registry files and enabling the extraction of NTLM password hashes. This facilitates the alteration of a local Administrator's password and subsequent login. The exploit can duplicate the Administrator's security token and create a malicious Windows Service that runs with SYSTEM privileges. While there are no reports of BlueHammer being exploited by malicious actors, researchers warn that such PoC code can be weaponized quickly. Microsoft has committed to investigating reported security issues related to this vulnerability.

Winsage

April 8, 2026

Linux gamers didn’t do anything wrong, but they might pay for Windows piracy anyway

Gaming on Linux has advanced significantly due to Valve's Proton compatibility layer and the Steam Deck, allowing most single-player PC games to run on the platform. Data from ProtonDB indicates that nearly every Windows game is now playable on Linux. However, hypervisor-based DRM bypass techniques have emerged, weakening Denuvo's anti-tamper protections and reviving day-zero piracy. Hypervisors operate beneath the operating system, allowing pirates to manipulate Denuvo's validation checks, drastically reducing the time to crack games. This resurgence of piracy poses security risks, as users must disable kernel-level security features, exposing their systems to vulnerabilities. Irdeto, the company behind Denuvo, recognizes the need for updated security measures, but these could complicate the gaming experience for Linux users. Linux's open-source nature complicates enforcing kernel integrity, making effective anti-cheat and DRM systems challenging. Despite these issues, Linux gaming has seen considerable growth, but the threat of hypervisor-based piracy could jeopardize this progress and lead to tighter DRM measures that may reduce Linux compatibility.

AppWizard

April 8, 2026

The FBI Warns That Foreign Cybercriminals Have Targeted Messaging App Users

Cybercriminals connected to Russian intelligence are conducting a large phishing campaign targeting messaging applications, impacting thousands of accounts worldwide. A joint advisory from the FBI and CISA reveals that these attacks focus on individuals with access to sensitive information, including government officials, military personnel, political figures, and journalists. The campaign relies on deception, with attackers impersonating official support channels on platforms like Signal, sending messages that prompt victims to click malicious links or provide confidential information. Victims who comply risk losing control of their accounts, allowing attackers to read private messages and access contact lists. This trend has been observed not only in the U.S. but also in the Netherlands, where similar tactics are used against government employees. The FBI notes that the security of the messaging apps is not the issue; rather, the vulnerability lies in human error. The rise of social engineering tactics poses a risk to both high-profile individuals and potentially everyday users, and users are advised to be cautious with unsolicited messages and not to share sensitive information.

Winsage

April 7, 2026

“This was not opportunistic. It was precision.” — How North Korean hackers used Microsoft Teams and Slack to compromise Windows PCs with an elaborate ploy

On March 30, 2026, axios, a JavaScript HTTP client library, was temporarily compromised by suspected North Korean hackers who hijacked maintainer Jason Saayman's account. This allowed them to publish two malicious versions of axios on npm. The malicious versions were identified and removed within three hours by StepSecurity. A post-mortem blog on GitHub provided security measures for users of Windows, macOS, and Linux, highlighting risks from a Remote Access Trojan (RAT) introduced during the breach. The attack was attributed to a group known as UNC1069, which has been active since at least 2018. Two weeks prior to the breach, Saayman was targeted in a social engineering campaign where attackers posed as a legitimate company founder, leading him to install the RAT via a fake update during a Microsoft Teams meeting. Microsoft Teams was not compromised; it was used as a delivery method for the Trojan. Saayman noted the operation's sophistication.

Winsage

April 6, 2026

Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit

Exploit code for a Windows privilege escalation vulnerability, named BlueHammer, has been released, allowing attackers to gain SYSTEM or elevated administrator permissions. This zero-day vulnerability was disclosed by a researcher, Chaotic Eclipse, who expressed frustration with Microsoft's handling of the issue. The exploit combines a time-of-check to time-of-use (TOCTOU) issue with path confusion, granting local attackers access to the Security Account Manager (SAM) database, which contains password hashes for local accounts. While the exploit is confirmed to work, it has been found unsuccessful on Windows Server due to bugs that hinder its effectiveness. Attackers can gain local access through various means, raising significant security risks. Microsoft has not yet responded to inquiries about the BlueHammer flaw.