exploiting

TrendTechie
June 20, 2026
Cybercrime prevention officers in the Grodno region arrested a 35-year-old resident of Svetlogorsk for profiting from modified malware known as a "cryptojacker." This malware was embedded in free torrent downloads, activating on users' computers to mine cryptocurrency, which degraded the machines' performance. The suspect earned approximately one thousand Belarusian rubles monthly and was exploiting over 500 computers at the time of his arrest, affecting users in Belarus and neighboring countries. An investigation is underway to identify the victims, and criminal charges have been filed against him.
Winsage
June 16, 2026
Cybersecurity researchers have identified two new Windows variants, named WINDRV and WINPLUS, of the SprySOCKS backdoor, which was previously thought to be exclusive to Linux systems. Both variants feature hard-coded command-and-control configurations and can communicate via TCP, UDP, and WebSocket protocols. They support over 30 commands for operations such as system information collection and file management. WINDRV employs kernel drivers for stealth, obscuring network connections and allowing TCP traffic diversion. SprySOCKS was first documented by Trend Micro in September 2023 and is linked to the Chinese state-sponsored threat actor Earth Lusca, also known as FishMonger. The Windows variants belong to version 1.8 of SprySOCKS and utilize a kernel driver named RawWNPF for enhanced stealth. The attack chain begins with an initial access method that drops a batch script, leading to the installation of the backdoor. Evidence suggests these variants may have been used in attacks against government organizations in Honduras, Taiwan, Thailand, and Pakistan between 2023 and 2024. The WINPLUS variant was first detected in July 2024 in Pakistan. There are indications of potential UEFI bootkit involvement exploiting CVE-2023-24932, a vulnerability in the Windows Boot Manager.
Winsage
June 15, 2026
A cybersecurity researcher known as “Nightmare Eclipse” has revealed two zero-day exploits threatening Windows systems: RoguePlanet and GreatXML. RoguePlanet targets Microsoft Defender, allowing attackers to execute privileged actions and gain SYSTEM-level access on Windows machines. It is a local privilege escalation vulnerability that remains effective on fully updated systems. GreatXML is claimed to bypass BitLocker disk encryption by manipulating the Windows Recovery Environment, potentially granting access to protected files. However, its effectiveness may be overstated, as it might require administrator-level access. Microsoft advises organizations to implement security updates, treat lost or accessible devices as high-risk, enforce stricter policies, and monitor threat intelligence to mitigate exposure to these vulnerabilities.
AppWizard
June 15, 2026
Google has filed a lawsuit against the alleged China-based "Outsider Enterprise" network for using Gemini AI to conduct extensive phishing scams. The company is working with the FBI and major telecommunications carriers, including AT&T, T-Mobile, and Verizon, to intercept scam messages. Investigators have linked the operation to over 9,000 counterfeit websites and more than one million malicious URLs, primarily targeting Android users. The "Outsider" phishing platform offered over 290 website templates for mimicking banks and other entities, utilizing AI-generated code. Google is also supporting seven bipartisan bills aimed at combating AI-driven fraud and has implemented AI-driven defenses that block over 10 billion malicious messages each month.
AppWizard
June 11, 2026
Valve has announced the discontinuation of its physical Steam gift card program in retail stores globally due to ongoing issues with scammers exploiting these cards for fraudulent activities. All retail stock is expected to be depleted by the end of 2026. Scammers have been using these cards to siphon funds from victims, often impersonating officials or agencies. Valve has implemented measures to combat these scams but has decided to terminate the retail gift card program. Retailers will sell their remaining inventory but will not restock physical gift cards. Customers can still use existing gift cards on Steam, and digital gift cards will continue to be offered. Consumer protection agencies warn that fraudsters will continue to exploit gift cards from various brands.
Winsage
June 10, 2026
On June 9, 2026, Microsoft announced a vulnerability in Windows BitLocker, identified as CVE-2026-50507, which allows unauthorized attackers with physical access to bypass BitLocker Device Encryption. The flaw is categorized under CWE‑306, indicating a missing authentication check for a critical function, and has a CVSS v3.1 base score of 6.8. It affects various versions of Windows 10, Windows 11, and Windows Server from 2012 R2 to 2025. Microsoft released security updates to address the vulnerability, and it was classified as “Exploitation More Likely.” Although there is no evidence of active exploitation, proof-of-concept code exists. Organizations are advised to implement multi-factor configurations and reassess device handling and security protocols.
AppWizard
June 10, 2026
Final Fantasy Resonance is a turn-based HD-2D RPG set to launch on October 22 for PlayStation, Xbox, PC, and Nintendo Switch. The game features a new protagonist, Rain, and his companions as they protect magic crystals from the antagonist Veritas of the Dark. It includes familiar elements like airships and chocobos, with a combat system that displays a straightforward turn order and incorporates a stagger mechanic. Players can utilize Visions, which are akin to personas, to enhance combat strategies. The game is projected to offer 30-40 hours of gameplay, or 60-80 hours for completionists.