impersonation Archives

AppWizard

May 3, 2026

Telegram Mini Apps abused for crypto scams, Android malware delivery

Cybersecurity researchers have identified a fraud operation named FEMITBOT that exploits Telegram’s Mini App feature to conduct various crypto scams, impersonate reputable brands, and distribute Android malware. This operation uses a unique string in API responses and employs Telegram bots with embedded Mini Apps to create convincing app-like experiences. The scams include fraudulent cryptocurrency platforms and financial services, with impersonation of brands like Apple, Coca-Cola, Disney, eBay, IBM, Moon Pay, NVIDIA, and YouKu. The operation utilizes a shared backend infrastructure, allowing multiple phishing domains to use the same API response. Users interacting with the bots are shown phishing pages within Telegram’s WebView, often featuring fake balances and urgency tactics to prompt deposits or referrals. Additionally, some Mini Apps attempt to distribute malware disguised as legitimate Android APKs. Users are advised to be cautious when engaging with Telegram bots related to cryptocurrency investments and to avoid sideloading APK files.

AppWizard

May 1, 2026

007 First Light perfectly balances cinematic Bond action with Hitman’s signature sandbox freedom

The game "007 First Light" features a balance between open-world exploration and linear action, successfully merging Bond-style storytelling with gameplay mechanics. Players experience three distinct levels, including a narrative introduction, an MI6 training arena, and a museum setting that encourages strategic gameplay. The museum level allows for various approaches to objectives, such as stealth and impersonation. Combat mechanics differ from the Hitman series, with Bond engaging in stylish confrontations rather than relying solely on stealth. Players can utilize gadgets, including a laser watch, which require resource management. The game boasts impressive visuals and character portrayal, with a focus on realism and immersion. The developers aim to appeal to a broad audience of Bond fans, ensuring an engaging experience.

Winsage

April 28, 2026

‘Unlimited Attack Vectors’—All Windows Versions At Risk From New Flaw

Microsoft is facing a significant security vulnerability in its Windows operating system known as PhantomRPC, which allows for privilege escalation. Cybersecurity experts have expressed concern over the company's delayed response in issuing a patch for this flaw. The vulnerability resides within the Windows Remote Procedure Call (RPC) architecture and enables processes with impersonation privileges to elevate their permissions to SYSTEM level. Researcher Haidar Kabibo identified five distinct paths for exploitation, which require user interaction, coercion, or compromise of background services. Despite disclosing the vulnerability to Microsoft in September 2025, the company categorized it as moderately severe and did not issue a patch or a Common Vulnerabilities and Exposures (CVE) listing. Microsoft stated that the technique requires an already-compromised machine and emphasized the importance of following security best practices. Experts have criticized Microsoft's lack of action, arguing that it is operationally negligent and places the burden of risk management on users. In the absence of a patch, security professionals recommend focusing on access control and environmental hygiene to mitigate the risks associated with the vulnerability.

Winsage

April 25, 2026

New Windows RPC Vulnerability Lets Attackers Escalate Privileges Across All Windows Versions

PhantomRPC is a significant architectural vulnerability in the Windows Remote Procedure Call (RPC) framework that allows local privilege escalation to SYSTEM-level access across all Windows versions. Discovered by Kaspersky's Haidar Kabibo at Black Hat Asia 2026, this vulnerability stems from the RPC runtime's failure to verify the legitimacy of a responding server during calls to offline or disabled servers. Attackers can exploit this by setting up a malicious RPC server that impersonates a legitimate endpoint, using the RpcImpersonateClient API to escalate privileges from low-privileged accounts to SYSTEM or Administrator levels. Five distinct exploitation paths have been identified: 1. gpupdate.exe coercion: An attacker can intercept an RPC call made by the Group Policy Client service when executing gpupdate /force, granting SYSTEM-level access if TermService is disabled. 2. Microsoft Edge startup: Launching msedge.exe triggers an RPC call to TermService, allowing privilege escalation from Network Service to Administrator via a spoofed endpoint. 3. WDI background service: The Diagnostic System Host polls TermService regularly, enabling an attacker to exploit this without user interaction. 4. ipconfig.exe and DHCP Client: Running ipconfig.exe initiates an RPC call to the DHCP Client service, allowing a Local Service attacker to elevate privileges if DHCP is disabled and a fake server is present. 5. w32tm.exe and Windows Time: An attacker can expose a named pipe endpoint, allowing them to impersonate any privileged user executing the Windows Time executable. The vulnerability was reported to Microsoft on September 19, 2025, but Microsoft categorized it as moderate severity and closed the case without a patch, as the attack requires SeImpersonatePrivilege, which is granted by default to certain accounts. Organizations are advised to implement defensive measures such as enabling RPC monitoring, ensuring legitimate services are running, and restricting SeImpersonatePrivilege. Kaspersky has provided tools for auditing environments for exploitable RPC call patterns through the PhantomRPC GitHub repository.

AppWizard

April 8, 2026

VP Duterte warns public vs individuals posing as her on messaging app

Vice President Sara Duterte has warned the public about individuals impersonating her on messaging platforms. She posted on her Facebook and the Office of the Vice President's official page, advising citizens to be cautious of suspicious messages claiming to be from her. A screenshot of a conversation was included where the impersonator requested a list of supportive congressmen. Duterte emphasized not to engage, share personal information, or send money, stating she does not solicit favors from the public.

AppWizard

April 3, 2026

NCSC warns of messaging app targeting by Russia-linked actors

The UK National Cyber Security Centre (NCSC) has warned of an increase in cyber threats from Russia-based actors, targeting high-risk individuals through messaging applications like WhatsApp, Signal, and Messenger. These threats involve deceptive tactics such as coaxing users for login codes, unauthorized device access, group chat infiltration, impersonation of trusted contacts, and phishing links. The targeting is linked to state-affiliated groups from Russia, China, and Iran. High-risk individuals are those with access to sensitive information or influential roles. The NCSC recommends several protective measures: enabling two-step verification, not sharing verification codes, monitoring linked devices, being cautious with unknown contacts, limiting personal app use for work, and using disappearing messages to reduce data exposure.

AppWizard

March 12, 2026

Meta Rolls Out Scam Warnings on Facebook, Messenger, and WhatsApp

Meta is implementing measures to combat scams on its platforms, including Facebook, Messenger, and WhatsApp, by using artificial intelligence and forming enforcement partnerships. Users will receive real-time alerts on Facebook for suspicious friend requests, and Messenger will enhance scam detection by analyzing conversation patterns. WhatsApp will notify users of unusual device-linking attempts to secure accounts. Meta has removed over 159 million scam ads and disabled 10.9 million fraudulent accounts, collaborating with law enforcement to disable more than 150,000 accounts and effect 21 arrests. The company plans to mandate advertiser verification for high-risk categories to reduce fraudulent ads and aims for verified advertisers to account for 90% of ad revenue. The success of these initiatives will be measured by reductions in reported losses and chargebacks.

AppWizard

March 12, 2026

Meta Upgrades Safety Features of Facebook, Messenger, and WhatsApp to Protect Users From Fraud

Meta is implementing new safety measures to enhance user protection against online scams on its platforms, including Facebook, Messenger, and WhatsApp. The company is expanding its use of artificial intelligence (AI) for scam detection, integrating a system that analyzes text, images, links, and account behavior to identify impersonation attempts. User alerts will be introduced to warn Facebook users about suspicious friend requests and to flag risky messages in Messenger. WhatsApp users will receive notifications for suspicious device linking requests. Meta has removed over 159 million scam advertisements and disabled 10.9 million accounts. It is collaborating with global law enforcement to combat scam networks, including a recent effort that led to the disabling of more than 150,000 accounts linked to scam centers in coordination with the Royal Thai Police.

AppWizard

March 11, 2026

Meta Launches New Anti-Scam Tools on WhatsApp, Facebook, and Messenger

Meta has introduced a set of security tools for WhatsApp, Facebook, and Messenger to enhance user protection against scams. These tools utilize artificial intelligence to detect impersonation attempts and identify deceptive links, with the aim of removing malicious accounts proactively. In the previous year, Meta removed over 159 million scam ads and terminated 10.9 million accounts associated with scams. New features include alerts for users when scammers attempt to link their WhatsApp to a fraudulent device and notifications for suspicious Facebook friend requests, which provide information on account creation dates and mutual friends. Additionally, Meta is expanding its scam detection tools in Messenger to more countries, allowing users to report suspicious messages for AI analysis.

Winsage

March 4, 2026

PoC Exploit Released for Microsoft Windows Error Reporting ALPC Privilege Escalation

A proof-of-concept exploit for CVE-2026-20817, a local privilege escalation vulnerability in the Windows Error Reporting (WER) service, has been released by security researcher oxfemale on GitHub. This vulnerability allows low-privileged users to gain SYSTEM-level access through crafted Advanced Local Procedure Call (ALPC) messages. The flaw is located in the WER service's SvcElevatedLaunch method, which fails to validate caller privileges before executing WerFault.exe with user-supplied command line parameters. The CVSS v3.1 base score for this vulnerability is 7.8, indicating a high severity level. It affects unpatched versions of Windows 10, Windows 11, Windows Server 2019, and Windows Server 2022 prior to the January 2026 update. Demonstrations have shown successful exploitation on Windows 11 23H2. Security teams are advised to monitor for unusual processes related to WerFault.exe, investigate missing SeTcbPrivilege in SYSTEM tokens, and review WER-related activities from low-privilege users. Immediate application of the January 2026 security patches is recommended, and a temporary workaround involves disabling the WER service.