image files Archives

Winsage

May 5, 2026

Defender yanks root certs as Windows updates blocks backups

Microsoft's Defender anti-malware tool update version 1.449.425.0 removed two DigiCert root digital certificates, leading to false positives that flagged them as severe malware (Trojan:Win32/Cerdigent.A!dha). This incident was later identified as a false positive, and updating to version 1.449.430.0 or later reinstates the certificates. The issue may be linked to a DigiCert employee encountering disguised malware. Additionally, Windows updates from April 14 caused third-party backup applications to malfunction due to the addition of vulnerable psmounterex.sys kernel driver versions to a blocklist. Users experienced difficulties with mounting backup image files, and Microsoft referenced a vulnerability rated 9.3 out of 10 in the driver. Other affected software includes Acronis Cyber Protect Cloud and UrBackup server. Microsoft has not explained the delay in adding the vulnerable driver to the blocklist, and other recent update-related issues have also been reported.

Winsage

May 4, 2026

Microsoft confirms April Windows updates cause backup failures

Microsoft has acknowledged that the April 2026 security updates have disrupted the functionality of various third-party backup applications using the psmounterex.sys driver, raising concerns among users. The issue primarily affects software leveraging the Volume Shadow Copy Service (VSS) snapshots, leading to failures due to VSS service timeouts. Notable impacted products include Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server, and NinjaOne Backup, used on Windows 11, Windows Server, and Windows 10 devices. Disruptions can manifest as failures to mount backup image files, errors or timeouts when browsing or restoring from backup images, and error messages related to VSS timeouts. Microsoft updated its support documentation to clarify that the April updates included a security hardening change that added psmounterex.sys to the vulnerable driver blocklist to protect against a high-severity buffer overflow vulnerability (CVE-2023-43896). Affected users are advised to upgrade to newer application versions with updated drivers and not to uninstall or pause the security update. Users can check if the Microsoft Vulnerable Driver Blocklist is blocking a driver by looking for Event ID 3077 in the Code Integrity Operational log. Additionally, Microsoft has alerted users that some Windows Server 2025 devices may boot into BitLocker recovery mode after installing the KB5082063 update and has issued out-of-band updates to address installation failures and restart loops affecting Windows Server systems after the April 2026 updates.

Winsage

May 3, 2026

Hate AI in Windows 11? Nuke it with this tool Microsoft probably doesn’t want you to know about

Microsoft has integrated artificial intelligence into Windows 11 with features like Copilot and Windows Recall, but user reception has been mixed due to security and privacy concerns. Users can disable or uninstall certain features, leading to a demand for a more streamlined operating system. NTLite, a Windows customization tool, allows users to enhance their control over Windows 11, offering faster multi-threaded extraction and the ability to remove AI tools from Windows 11 25H2 images, thus simplifying the user experience and reducing installation sizes. NTLite supports various Windows Image files and live editing, enabling modifications without a complete reinstall. It includes an AI Component Management option for greater control over AI features. While some components are critical and cannot be safely removed, users are advised to test ISO files in a virtual machine and create restore points before making significant changes.

AppWizard

April 25, 2026

NoVoice malware hit 2.3 million Android devices through apps Google never should have approved

McAfee researchers discovered a complex Android rootkit campaign, dubbed Operation NoVoice, that infiltrated 50 applications on Google Play, exploiting vulnerabilities in the kernel that had been patched but not uninstalled. The malware was resilient enough to survive factory resets and was concealed within seemingly benign apps, which collectively garnered 2.3 million downloads. The malicious payload was hidden in the com.facebook.utils package and used steganography to embed an encrypted payload within a PNG image. The malware conducted multiple checks to avoid detection and established contact with a command-and-control server, polling for exploit packages every 60 seconds. It utilized 22 distinct exploits, including vulnerabilities that had received patches between 2016 and 2021. The malware disabled SELinux enforcement and installed a persistent rootkit that could survive factory resets. Google confirmed the removal of the infected apps but noted that users who had already downloaded them remained at risk, especially if their devices were running unpatched Android versions. McAfee advised affected users to treat their devices as compromised and consider professional inspection or hardware-level storage wiping for remediation.

BetaBeacon

March 17, 2026

How to Play Original Xbox Games On Android : Requirements, Install Steps & Tweaks

The X1 Box emulator allows Android devices to run original Xbox games, requiring specific requirements such as Android 8+, a 64-bit ARM processor, Vulkan-compatible GPU, and at least 8GB of RAM. Additional features like save states, controller support, and shader caching enhance gameplay, while limitations such as app crashes and performance variability may occur on less powerful devices.

Winsage

March 11, 2026

Microsoft Releases March 2026 Patch Tuesday Updates

Microsoft has released the March 2026 Patch Tuesday update, KB5079473, for all supported versions of Windows 11 (25H2 and 24H2). Key changes include: - A Network Speed Test Tool in the Taskbar for measuring Ethernet, Wi-Fi, and cellular performance. - New pan and tilt options for supported cameras in the Settings menu. - Built-in System Monitor (Sysmon) available as an optional feature; users should uninstall previous versions before enabling it. - Remote Server Administration Tools (RSAT) support for Windows 11 Arm64 devices. - Quick Machine Recovery tool enabled for Windows Professional devices not domain-joined or enrolled in enterprise management. - Ability to use .webp image files for desktop backgrounds. - Introduction of new emojis from Emoji 16.0, including a face with bags under the eyes and a fingerprint. - BitLocker improvements for device responsiveness after entering a recovery key. - Enhanced reliability of search functions in File Explorer. Additionally, Microsoft is publishing patch notes for the upcoming version 26H1, which is currently available to Windows Insiders on the Canary Channel but not yet public. The KB5079466 patch for version 26H1 includes features already seen in earlier Windows 11 versions.

Winsage

February 18, 2026

Releasing Windows 11 Builds 26100.7918 and 26200.7918 to the Release Preview Channel

Windows 11 Builds 26100.7918 and 26200.7918 (KB5077241) have been released for Insiders in the Release Preview Channel, covering versions 24H2 and 25H2. The update features a gradual rollout method for updates and includes various new features and enhancements: - Emoji 16.0 introduces a selection of new emojis. - Windows Backup for Organizations now includes a first sign-in restore experience. - Quick Machine Recovery (QMR) is activated for non-domain joined Windows Professional devices. - A built-in network speed test is accessible from the taskbar. - Taskbar improvements enhance the visual experience of the overflow area. - A new entry point in the account menu directs users to the Microsoft account benefits page. - Windows supports Microsoft Entra ID group and role SID resolution. - Users can control pan and tilt for supported cameras in the Settings app. - Sysmon functionality is now included natively in Windows for capturing system events. - Widget Settings now opens as a full-page experience in the Widgets app. - Users can set .webp image files as their desktop background. - The search process icon in Task Manager has been updated. - Storage Settings dialogs have been modernized, and performance for scanning temporary files has improved. - Enhancements have been made to Windows Update Settings for better responsiveness. - Reliability improvements have been implemented for the login screen and Nearby Sharing. - The Windows print service has been optimized for smoother performance during high-volume tasks. - File Explorer has received several improvements, including an extract all option for non-ZIP archive folders and enhanced reliability for displaying devices on the Network page. - Performance enhancements have been made to reduce resume-from-sleep time on heavily loaded systems. - Minor visual issues related to the taskbar, Windows Security pop-up credential fields, and the print dialog have been addressed.

AppWizard

December 13, 2025

White House really posted image of Trump as Minecraft character

In December 2025, an image of U.S. President Donald Trump as a Minecraft character circulated on social media, attributed to the official White House X account, with the caption "AMERICA'S MOST PRO-GAMER PRESIDENT." The image was verified as authentic by Snopes, originating from a genuine White House post in response to an article about video game developers and tax credits. This was not the first instance of the White House using video game imagery; a previous post featured Trump as Master Chief from Halo. However, the Minecraft image raised concerns about authenticity due to anomalies in the character model and the intricate design of the American flag pin. AI detection tools indicated a high likelihood that the image was AI-generated, despite the post's authenticity.

Winsage

November 25, 2025

Attackers are Using Fake Windows Updates in ClickFix Scams

Threat actors have adapted the ClickFix attack model, using a fraudulent Windows Update screen to disguise malicious code. This screen mimics the legitimate Windows Update interface and prompts users to execute harmful commands. The execution of these commands leads to the installation of LummaC2 and Rhadamanthys info-stealing malware. A report from ESET noted a 500% increase in ClickFix attacks, which now account for nearly 8% of all blocked attacks in early 2025. Huntress researchers tracked ClickFix lures that used steganography to deliver LummaC2 and Rhadamanthys malware, concealing malicious software within image files. The attacks involve a full-screen display that instructs users not to turn off their computers, ultimately prompting them to paste a malicious command. The execution process includes using mshta.exe and PowerShell to load and inject malicious assemblies. European law enforcement recently dismantled infrastructure used by threat actors, but Rhadamanthys is no longer distributed through the fraudulent Windows Update campaign. The use of steganography helps these payloads evade detection while relying on victims to manually execute commands.

AppWizard

November 25, 2025

CISA alert draws attention to spyware’s targeting of messaging apps

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about the increasing threat of spyware targeting messaging applications, particularly on Android devices like Samsung. Cybercriminals are using social engineering techniques, including sending harmless-looking image files via WhatsApp, to install malicious software. Russian hackers have been reported to compromise Signal accounts. The alert highlights a focus on high-value individuals, including government officials and civil society members in the U.S., Middle East, and Europe. CISA has a history of issuing such alerts and provides cybersecurity guidance, including a "must-patch" list for federal agencies. Users are advised to be vigilant and follow mobile security guidelines, as threat groups are also using malicious QR codes and zero-click exploits to compromise devices.