hosts

Winsage
June 16, 2026
Cybersecurity researchers have identified two new Windows variants of the SprySOCKS backdoor, named WINDRV and WINPLUS; SprySOCKS was previously thought to be exclusive to Linux systems. Both variants carry hard-coded command-and-control configurations and can communicate over TCP, UDP, and WebSocket. They support over 30 commands for operations such as system information collection and file management. WINDRV uses kernel drivers for stealth, hiding its network connections and allowing TCP traffic to be diverted. SprySOCKS was first documented by Trend Micro in September 2023 and linked to the Chinese state-sponsored threat actor Earth Lusca, also known as FishMonger. The Windows variants belong to version 1.8 of SprySOCKS and use a kernel driver named RawWNPF for enhanced stealth. The attack chain begins with an initial access method that drops a batch script, which leads to the installation of the backdoor. Evidence suggests these variants may have been used in attacks against government organizations in Honduras, Taiwan, Thailand, and Pakistan between 2023 and 2024. The WINPLUS variant was first detected in July 2024 in Pakistan. There are also indications that a UEFI bootkit may be involved, exploiting CVE-2023-24932, a vulnerability in the Windows Boot Manager.
AppWizard
June 14, 2026
Callus, a highly anticipated horror game, will be released in 2026 and is currently available for free for a limited time until June 15. The Epic Games Store and Steam regularly offer free games, while Itch.io also provides several complimentary titles.
Winsage
June 12, 2026
OnyxC2 is a sophisticated credential stealer available for a subscription fee of 0 per month, distributed through disguised lures such as fake Windows updates and legitimate software installers. It functions as a commercial product with features like an automated payload builder, tiered licensing, and a centralized web dashboard. The malware boasts a 99% detection-evasion rate, successfully evading major antivirus solutions during tests. It is developed in C++, utilizing direct system calls and mutating with each build to avoid detection. OnyxC2 collects data from around 210 applications, targeting 45 web browsers, password managers, cryptocurrency wallets, and FTP clients. The malware is delivered using DLL sideloading, where a password-protected archive contains a legitimate application and a malicious DLL. The attacker's DLL is disguised by inflating its size and is loaded by a trusted binary. The malicious code remains encrypted on disk and decrypts in memory to evade analysis. OnyxC2 communicates with a Cloudflare-fronted command-and-control server to manage infected hosts and execute commands like hardware registration and cookie uploads. The threat extends to business environments, targeting FTP and email clients, with stolen session cookies allowing ongoing access to corporate infrastructure. Implementing anti-data exfiltration controls is recommended as a mitigation strategy.
AppWizard
June 8, 2026
26.2 Pre-Release 5 introduces adjustments to Hardcore mode settings and various bug fixes, with an official launch scheduled for June 16.

Changes include:
- Automatic adjustment of the Graphics API setting if a crash occurs during startup.
- Correction of the sound effect for hitting the sulfur cube in the bouncy archetype.
- World hosts can change the game mode using F3 + F4 or commands, updating the default game mode for the world.
- Removal of the "Game Mode" and "Allow Commands" buttons in Hardcore mode worlds.

Startup and fallback behavior for the Graphics API:
- If a crash occurs at startup with "Prefer Vulkan" selected, it reverts to "Default."
- The game collects system information regarding Vulkan even when set to "Default."
- If a crash occurs with "Default," it switches to "Prefer OpenGL."
- "Prefer OpenGL" prevents interaction with Vulkan to avoid crashes.

Fixed bugs:
- Sounds for the bouncy sulfur cube play at appropriate volume levels.
- Flower patches now generate instead of single flowers.
- Spear with Lunge no longer launches players downwards on a geyser.
- Players cannot change their game mode from the World Options menu in hardcore worlds.
- Friends Screen key binding allows typing instead of closing the screen.
- Custom dialog buttons no longer disrupt the game menu.
- Adjusting command settings updates the "Game Rules" button state correctly.
- Changing game modes with commands reflects accurately in the World Options screen.
- The "Statistics" button has been realigned in the game menu.
- Correction of a string error in the friends error message.
- Game mode is no longer incorrectly set to Survival mode upon re-entering the save.
- Hardcore death cannot be circumvented by rejoining the world.

Pre-Releases are available for Minecraft: Java Edition, and users are advised to back up their data before testing.
Winsage
June 8, 2026
Microsoft has integrated Sysmon into Windows 11 through a system update, allowing it to operate in the background and log activities in the Windows Event Log. Indicators of suspicious processes include the absence of icons or descriptions, incorrect parent processes, spelling errors in names, unsigned executable files, packed executables, suspicious DLLs or services, open TCP/IP endpoints, and unusual URLs or character strings. To install Sysmon, users must access the Control Panel, enable Sysmon, and restart their PC. Activation requires running a command in the Command Prompt. Sysmon logs can be viewed in the Event Viewer under Microsoft > Windows > Sysmon > Operational. Users can filter events using an XML configuration file. After analysis, suspicious processes should be scanned with antivirus software, and files can be uploaded to VirusTotal for further examination. Sysmon continuously logs events, while Process Monitor captures snapshots of running processes, and both tools are available for free from Microsoft.
AppWizard
June 7, 2026
The PC Gaming Show will return this summer, featuring over 50 games. Hosts include Frankie Ward, Mica Burton, Sean 'Day[9]' Plott, and YouTuber Elz. The event will be broadcast on Twitch, YouTube, X, and Steam with localized subtitles in multiple languages and sign language options. It starts on Sunday, June 7, at 12:00 PT / 15:00 ET / 20:00 BST / 03:00 CST. A 30-minute pre-show will precede the main event, and co-streams will be available from popular personalities. Viewers can win a custom PC, and the event will include highlights from the Future Games Show and interviews, including one with Gareth Damian Martin, creator of Citizen Sleeper.
Winsage
June 3, 2026
Microsoft has introduced Coreutils for Windows, based on the open-source Rust reimplementation of GNU Coreutils, to enhance its developer ecosystem and simplify cross-platform development. This integration allows developers to use familiar Linux command-line utilities natively within Windows, promoting consistency across operating systems. Additionally, Microsoft has unveiled WSL containers, enabling developers to create, run, and deploy Linux containers directly through the Windows Subsystem for Linux (WSL). This feature aims to streamline Linux container workflows and reduce reliance on third-party platforms. Microsoft has noted significant engagement with WSL, receiving over 200 pull requests monthly since its open-sourcing. New APIs will also allow native Windows applications to manage Linux containers programmatically, with controls for IT administrators to oversee container usage. A public preview of WSL containers is expected in the coming months.
Winsage
June 3, 2026
Cybersecurity researchers have identified an unpatched vulnerability that could expose NTLMv2 hashes to attackers, linked to the "search:" URI handler. This issue is similar to CVE-2026-33829, which involved a spoofing vulnerability in the Windows Snipping Tool's ms-screensketch: URI handler. The flaw allows attackers to trick users into connecting to their SMB servers, disclosing NTLMv2 hashes for authentication exploitation. The new vulnerability operates using "search:" and "crumb=location:" parameters, resulting in a similar Net-NTLMv2 leak. Microsoft has chosen not to address this issue, stating only vulnerabilities classified as Important or Critical would be fixed. Recommendations to mitigate risks include blocking outbound SMB traffic, enforcing SMB signing, and disabling NTLM authentication where possible.