execution

Tech Optimizer
February 10, 2026
AKDAN Malware Hunters has launched the AKDAN HALL PED, a security solution that detects and neutralizes unknown document-based malware in 0.27 seconds, achieving a 99% success rate against emerging threats. This technology uses Pre-Execution Detection (PED) and a virtual "hypnosis" environment to analyze potentially malicious behavior, differing from traditional antivirus software that relies on known threat databases. CEO Sean Jeon, with over 15 years in cybersecurity, emphasizes the need for proactive measures as 91% of cyberattacks start via email, often using document-based malware. The AKDAN HALL product line includes a cloud-based agent for personal use and the AKDAN HALL Mini, a compact server for sensitive environments, both designed to complement existing antivirus solutions. The company has received support from the Initial Startup Package program at Seoul National University of Science and Technology and plans to expand into the Japanese market.
Tech Optimizer
February 10, 2026
GuLoader, also known as CloudEye, is a downloader malware that has been active since late 2019, primarily used to fetch and install secondary malware like Remote Access Trojans (RATs) and information stealers. It employs legitimate cloud services such as Google Drive and Microsoft OneDrive to host its malicious payloads, allowing it to evade detection by security tools. GuLoader utilizes advanced techniques including polymorphic code, which alters its appearance to avoid static detection signatures, and exception-based control flow to confuse analysis tools. Over the years, GuLoader has refined its tactics, including the use of software breakpoints and various exception types to redirect its operations. It also employs dynamic XOR encryption to obfuscate internal data, making it difficult for analysts to extract URLs. The malware's continuous evolution poses ongoing challenges for security researchers. Indicators of Compromise (IOCs) include specific hash values for different versions of GuLoader from 2022 to 2024.
Winsage
February 10, 2026
The Global Group has shifted to a local execution strategy for ransomware, complicating detection and response efforts. Their infection process begins when a user opens a shortcut file with a double extension (e.g., “Document.doc.lnk”), which appears as a legitimate document due to Windows' default settings that hide file extensions. The shortcut icon mimics that of a Microsoft Word file. When executed, the .lnk file activates Windows utilities like cmd.exe and PowerShell to retrieve and execute the next-stage payload, effectively bypassing traditional security controls focused on malicious documents or executable attachments.
AppWizard
February 10, 2026
Nothing’s Essential App Builder allows users to create personalized applications without extensive coding experience. The platform enables users to articulate app ideas and facilitates their creation through a series of edits. One user successfully created a tea timer app that tracks steeping times and provides boiling temperatures for different teas, despite facing minor design issues during development. The Essential App community showcases diverse creativity, with applications ranging from practical tools to whimsical creations. Currently, Essential Apps are exclusive to the Nothing Phone 3, with plans for future expansion to other models and enhanced functionality.
AppWizard
January 31, 2026
A new speedrunning technique for the PC version of GTA: San Andreas allows players to complete the game in under an hour using a method called the Arbitrary Jump in Script (AJS) skip. This technique involves approximately 30 precise steps and was detailed by Reddit user Vitosi4ek. The AJS skip enables speedrunners to execute a JUMP instruction that leads directly to the game's conclusion. The discovery comes 21 years after the game's release, reflecting its lasting popularity and the innovative efforts of the speedrunning community.
Tech Optimizer
January 29, 2026
A supply chain breach has affected MicroWorld Technologies' eScan antivirus product, allowing malicious actors to use the vendor's update infrastructure to spread malware. Discovered on January 20, 2026, by Morphisec, the attack involved a trojanized update package that deployed multi-stage malware on enterprise and consumer endpoints globally. The initial compromise occurred through a malicious update replacing the legitimate Reload.exe binary, which was digitally signed with a valid eScan certificate. This led to the execution of a downloader (CONSCTLX.exe) and further malware stages that evaded defenses and disabled security features. The malware obstructs automatic updates by altering system configurations, including the hosts file and registry keys. Indicators of compromise include specific file names and SHA-256 hashes for the trojanized update and downloader. Network administrators are advised to block traffic to identified command and control domains and IPs. Affected organizations should verify their systems for signs of compromise and contact MicroWorld Technologies for a manual patch.
AppWizard
January 28, 2026
The first hour of Code Vein 2 felt lackluster due to overwhelming tutorial prompts and the absence of exhilarating combat. However, the gameplay improved significantly with the unlocking of dual swords and the execution of a Drain Attack, leading to a more enjoyable experience. The game is rated between 7-8/10, offering exhilarating combat mechanics and diverse build options, despite a lack of narrative depth and familiar character archetypes. Players take on the role of a Revenant Hunter tasked with preventing the world's collapse caused by Horrors. Code Vein 2 is available in Deluxe and Ultimate Editions priced at .74 / £63.74 and .24 / £72.24, respectively, both with a 15% discount, while the standard edition is priced at .74 / £46.74.
Tech Optimizer
January 27, 2026
The term “not a virus” is used by antivirus software to indicate that a file does not match known malware signatures but still triggers a detection. This means the file is not automatically blocked or confirmed as a threat; the alert highlights something unusual, leaving the decision to the user. Alerts typically arise when software exhibits behavior associated with increased risk, despite lacking clear evidence of malicious intent. Malware is specifically designed to inflict harm, while files labeled “not a virus” may perform actions that raise security concerns but are not classified as harmful. Antivirus programs identify threats through signature detection and heuristic behavior-based detection. Legitimate programs, such as system utilities, download managers, and game cheats, can inadvertently trigger “not a virus” alerts. Common types of detections include adware, riskware, and potentially unwanted applications (PUA). The primary security risk of “not a virus” files is exposure rather than direct attacks, and privacy concerns often arise from data collection by these programs. If an antivirus detects “not a virus,” users should identify the file, review recent changes, compare detections, and decide whether to keep or remove it. To reduce unwanted alerts, users should download from official sources, use custom installation options, and remove unused software.