hackers Archives

Winsage

May 12, 2026

Hackers Can Hide Malware Inside Images to Hack Windows

Researchers at Cyfirma have identified a cyberattack campaign named Operation SilentCanvas that targets Windows systems using deceptive JPEG files to infiltrate devices. The attack begins with victims receiving a file named sysupdate.jpeg, which contains a PowerShell script instead of an image. This script establishes staging environments and downloads additional malicious components while avoiding detection. The malware reconstructs command strings at runtime and downloads a secondary payload called access.jpeg, executed in memory. It exploits Microsoft's .NET compiler to create a custom launcher named uds.exe on infected machines. The malware takes control of a registry key to create a hidden desktop environment for undetected execution of malicious tools and installs a persistent Windows service, OneDriveServers, to maintain activity after reboots. Additionally, it can intercept usernames and passwords at the Windows login screen and create hidden local administrator accounts for long-term access. Security teams are advised to monitor the execution of commonly abused Windows binaries like csc.exe and ComputerDefaults.exe to mitigate risks.

BetaBeacon

May 6, 2026

North Korean hackers targeted ethnic Koreans in China with Android ‘BirdCall’ malware

North Korean hackers targeted ethnic Koreans in China with a malware disguised as a popular Android mobile game called BirdCall, allowing them to steal personal data from victims.

AppWizard

May 5, 2026

FEMITBOT Network Abuses Telegram Mini Apps for Crypto Scams and Android Malware

A fraud network called FEMITBOT has emerged, using Telegram's Mini App feature to conduct investment scams and distribute malware. Identified by the research firm CTM360, the network operates through API responses and presents itself as organized. The scams involve Telegram Mini Apps that display phishing pages, fake dashboards showing fictitious earnings, and urgency tactics to pressure users into making quick decisions. FEMITBOT mimics well-known brands like Apple and Coca-Cola to enhance credibility and disseminates Android malware disguised as legitimate applications. The operation is highly organized, utilizing marketing tools to optimize their scams. Users are warned to be cautious of bots requesting deposits before granting access to funds.

BetaBeacon

May 5, 2026

ScarCruft hackers push BirdCall Android malware via game platform

APT37, also known as ScarCruft and Ricochet Chollima, has developed an Android version of the backdoor BirdCall, which serves as spyware in addition to a backdoor. The malware was delivered through a Chinese website that hosts games for Android, iOS, and Windows, targeting only Android and Windows systems. The Android variant of BirdCall has capabilities such as extracting IP geolocation information, collecting contact lists, call logs, SMS data, device information, taking screenshots, recording audio, and exfiltrating files. Users are advised to download software only from official marketplaces and trusted publisher sites to protect against malware infections.

AppWizard

May 5, 2026

North Koreans Spy on Defectors Via Android Game Apps

A North Korean hacking group has targeted a digital gaming platform popular among the Korean ethnic enclave in China, using a sophisticated strategy to infiltrate Android applications. Researchers from Eset discovered that an app on the platform contained a backdoor known as BirdCall, linked to North Korea. The official website for the gaming platform hosted the same suspicious APK file. A second Android file associated with another game on the same site was also found to contain the BirdCall backdoor. This supply-chain attack was attributed to the threat actor ScarCruft (APT37), active in Asia and extending into Europe and the Middle East since late 2024. The hackers likely compromised the web server to recompile original APKs with the backdoor, which can collect sensitive information such as contacts, SMS messages, call logs, documents, media files, and private keys, and can take screenshots and record audio. The malware disguises its command and control traffic among regular internet traffic, primarily using Zoho WorkDrive for operations.

Winsage

May 4, 2026

Microsoft Confirms Critical Windows Update Error Disrupting Global Systems

Microsoft has confirmed a critical bug in its latest cumulative update, affecting millions of Windows 10 and Windows 11 users. The issue leads to a "Restart and Shut Down" loop, preventing users from completing the update and locking them out of their devices. This disruption is particularly severe for corporate IT departments, with reports of entire office networks being paralyzed. The problematic update, identified as KB5037853, was meant to address security vulnerabilities but has caused systems to display an endless "Update and Restart" message. Some users experience a "Blue Screen of Death" (BSOD) and may be forced into "Recovery Mode." Microsoft is working on a "Known Issue Rollback" (KIR) to automatically undo the problematic code for consumer machines, while enterprise users may require manual intervention. The downtime is projected to result in significant financial losses, with large enterprises potentially losing up to ,600 per minute of unplanned downtime. Affected versions include Windows 11 22H2, 23H2, and Windows 10 22H2. Symptoms include failure to shut down, BSOD on boot, and missing Start menu icons. The estimated downtime ranges from 4 to 12 hours, depending on IT response speed. Critics have raised concerns about Microsoft's development process, suggesting it places users in the role of beta testers.

Winsage

May 3, 2026

You shouldn’t delay your Windows 11 updates, experts reveal

Experts advise against postponing Windows updates, as Microsoft has introduced features allowing users to control when updates occur. Users can pause updates for up to 35 days indefinitely, but delaying updates can lead to security vulnerabilities. Microsoft releases several types of updates: security updates, feature updates, quality updates, driver updates, optional updates, out-of-band updates, and zero-day updates. Zero-day updates are critical and should be installed immediately to avoid exploitation. Recent reports indicate that critical OS patching for Windows 10 and 11 is lagging by an average of 256 days, increasing the risk of cyber incidents.

AppWizard

April 29, 2026

Arc Raiders’ Riven Tides update didn’t fix the game’s biggest problem: Cheaters

The Riven Tides update for Arc Raiders introduced a new map and the Turbine threat but did not resolve ongoing cheating issues, leading to player dissatisfaction, including Tyler 'Ninja' Blevins' departure from the game. Since its launch in October 2025, player engagement has declined, with the average player count dropping from 241,000 in January 2026 to 76,000 in April 2026. Cheating has become widespread, affecting many players and compromising gameplay integrity. Embark Studios has acknowledged the problem and is working on solutions, but community frustration is growing, with many players leaving the game.

Winsage

April 29, 2026

Microsoft stopped protecting Windows 10 — The fix is only $10

Windows 10 support ended in October 2024, leaving systems vulnerable to security threats. A lifetime license for Windows 11 Pro is currently available for .97, regularly priced at 9, with the offer expiring on May 3 at 11:59 PM. Windows 11 Pro includes features such as Microsoft Copilot, TPM 2.0, BitLocker encryption, Smart App Control, biometric recognition, Snap Layouts, improved memory management, DirectX 12 Ultimate, Windows Sandbox, and Hyper-V.

AppWizard

April 29, 2026

Denuvo is finally dead: every PC game protected by the DRM can now be cracked or bypassed

A group of hackers has declared Denuvo, a digital rights management (DRM) software, as "fully useless" after successfully bypassing its protections, which have been in place since 2014. They achieved this through two main strategies: direct cracking, which removes Denuvo from games, and hypervisor bypass, which deceives Denuvo into functioning normally. These methods have been applied to games like Crimson Desert and Resident Evil Requiem. Recently, a prominent hacker announced the release of hypervisor bypasses for EA Sports games, confirming that all games using Denuvo can now be played for free.