infrastructure Archives

Winsage

March 2, 2026

Still on Windows 10? That’s a security risk now

Microsoft Windows 11 Pro is available for .97, reduced from its regular price of 9, until March 8 at 11:59 P.M. Pacific. Windows 11 Pro includes enhanced security features such as TPM 2.0 support, BitLocker device encryption, Smart App Control, and Windows Sandbox. It also offers productivity tools like Hyper-V, Azure AD support, Snap layouts, and AI-assisted Copilot integration. Minimum system requirements for the upgrade include a 1 GHz or faster 64-bit processor, 4GB RAM, 64GB storage, UEFI firmware with Secure Boot, TPM 2.0, and DirectX 12 compatible graphics.

Winsage

March 2, 2026

RAT Malware Via Windows Explorer Puts Crypto at Risk

Cofense Intelligence reported that threat actors are exploiting Windows File Explorer and WebDAV servers to deliver Remote Access Trojans (RATs) to corporate systems, bypassing browser security measures. This method allows attackers to infiltrate machines without using web browsers, taking advantage of File Explorer's ability to connect to remote WebDAV servers. Despite WebDAV being deprecated by Microsoft in November 2023, it is still supported in Windows, creating a vulnerability. The campaigns began in February 2024, with a significant increase in September 2024, and 87% of these campaigns deliver multiple RATs, including XWorm, Async RAT, and DcRAT. Victims typically receive phishing emails disguised as invoices, containing URL or LNK shortcut files that initiate a WebDAV connection. The attacks often utilize Cloudflare Tunnel for hosting malicious WebDAV servers, making the traffic appear legitimate. Notably, 50% of affected campaigns are in German, while 30% are in English. The report emphasizes the risks posed to individuals holding digital assets, as RATs can access sensitive information, including crypto wallet files. Organizations are advised to monitor network traffic for Cloudflare Tunnel instances and educate users about the risks associated with File Explorer's capabilities.

Winsage

March 1, 2026

Hackers Abuse Windows File Explorer and WebDAV for Stealthy Malware Delivery

Cybercriminals are exploiting a legacy feature in Windows File Explorer, specifically the WebDAV protocol, to distribute malware and bypass traditional security measures. Despite Microsoft deprecating native WebDAV support in November 2023, it remains active on many systems. Attackers use WebDAV to deceive victims into executing malicious payloads by sending links that connect File Explorer directly to remote servers, avoiding web browsers and their security warnings. They employ methods such as direct linking, URL shortcut files, and LNK shortcut files to deliver exploits. The primary objective of these campaigns, which surged in late 2024, is to deploy Remote Access Trojans (RATs), with 87% of Active Threat Reports involving multiple RATs like XWorm RAT, Async RAT, and DcRAT. These campaigns predominantly target corporate networks in Europe, with many phishing emails written in German and English. Attackers use short-lived WebDAV servers hosted on Cloudflare Tunnel demo accounts to obscure their infrastructure. Security analysts are advised to monitor unusual network activity from Windows Explorer and educate users to verify addresses in File Explorer.

Tech Optimizer

February 28, 2026

Migrate PostgreSQL from DigitalOcean to AWS

The video tutorial explores two methods for migrating PostgreSQL databases from DigitalOcean to AWS. The first method uses native PostgreSQL CLI tools (pg_dump and pg_restore) for smaller databases. The second method employs AWS Database Migration Service (DMS) for larger databases, allowing for a seamless transition with minimal downtime. Key steps in the DMS process include creating replication instances, setting up endpoints, and configuring migration tasks. The video is divided into chapters covering both migration methods.

AppWizard

February 27, 2026

Realms vs Hosting for Smooth Multiplayer Minecraft Setup

Minecraft Realms is designed for minimal friction, serving as a "no admin" solution for gaming groups. Each Realm accommodates three persistent world slots, allowing friends to access the active world anytime, even when the owner is offline. Realms feature automatic backups to restore worlds and simplify undoing changes. They are ideal for groups that prefer convenience and a vanilla experience. In contrast, hosting provides greater control, enabling the use of plugins, modpacks, and performance tuning. Key considerations before choosing a server include server region, SSD storage, backup processes, upgrade options, and support quality. A checklist can help prevent troubleshooting issues later. Establishing a Minecraft Realms list can streamline decision-making for groups with varying preferences.

Winsage

February 26, 2026

PoC Published for Microsoft Windows Flaw That Allows Low-Privileged Users to Force Irrecoverable BSODs

Security researchers have developed a working Proof of Concept (PoC) exploit for a vulnerability in the Windows kernel, identified as CVE-2026-2636, which allows low-privileged users to induce a Blue Screen of Death (BSoD), resulting in a Denial of Service. This vulnerability is linked to the Windows Common Log File System (CLFS) driver, specifically the CLFS.sys component, and arises from improper handling of invalid or special elements within CLFS (CWE-159). The PoC demonstrates that a non-administrative user can trigger the bug by executing a crafted ReadFile operation on a handle linked to an opened .blf log file without the expected I/O Request Packet (IRP) flags set. This leads to a critical inconsistency in the driver, causing Windows to invoke the kernel routine KeBugCheckEx, which results in a BSoD. The CVE-2026-2636 has a CVSS score of 5.5 (Medium) and poses a high impact on availability, allowing any authenticated user to crash the host reliably. Microsoft addressed this vulnerability in the September 2025 cumulative update, protecting systems running Windows 11 2024 LTSC and Windows Server 2025 by default. However, older or unpatched builds remain vulnerable. Organizations are advised to verify the deployment of the September 2025 updates, prioritize patching multi-user systems, and monitor for unusual spikes in BSoD events.

Tech Optimizer

February 23, 2026

Databricks Introduces Lakebase, a PostgreSQL Database for AI Workloads

Databricks has launched Lakebase, a serverless database solution based on PostgreSQL that allows independent scaling of compute and storage resources. It integrates with the Databricks platform, combining transactional and analytical functionalities. Lakebase aims to simplify real-time application and AI workload development by consolidating database management, analytics, and governance. Key features include instant data branching, point-in-time recovery, and unified access controls. It is designed to address the limitations of traditional operational databases, which struggle with modern AI demands. Lakebase offers a managed PostgreSQL service, supporting up to 8TB per instance and featuring pgvector for AI-driven search. It has been in development since June 2025, utilizing technology from the PostgreSQL company Neon and enhanced by the acquisition of Mooncake. Lakebase is available in Autoscaling and Provisioned versions, with the Autoscaling version billed based on usage. It is currently available on AWS, in public preview on Azure, and expected on Google Cloud later this year. SOC2 and HIPAA certifications are projected for early 2026.

Winsage

February 21, 2026

We’re not the only ones saying it: Windows 11 desperately needs a single privacy toggle

The process of enhancing privacy on Windows 11 involves navigating a complex array of settings aimed at limiting data collection by Microsoft. During the out-of-box experience, users encounter a privacy page that offers choices regarding diagnostics, tailored experiences, advertising IDs, and location services, but the actual privacy controls are fragmented and often ineffective. Microsoft's integration of services like OneDrive and its backup system complicates privacy management, and while users can adjust diagnostic data settings to reduce telemetry, complete elimination of data collection is not possible across most editions. This complexity leaves users uncertain about the extent of their data exposure.

AppWizard

February 20, 2026

Proton VPN has removed OpenVPN support for Android – here’s what you need to know

Proton VPN has updated its Android application by removing support for the OpenVPN protocol, citing its outdated nature and slower performance compared to newer protocols like WireGuard and its proprietary Stealth protocol. Users can no longer select OpenVPN in the app, but Proton VPN's servers will still support OpenVPN connections through manual configuration with third-party applications. However, manual configuration files downloaded before September 2023 are no longer supported, and users must download updated files before February 28, 2026, as older configurations will stop working after that date. The removal of OpenVPN has reduced the app's size by approximately 36% and aims to improve efficiency and connection speeds while maintaining security standards.

Winsage

February 20, 2026

Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets

Attackers are using social media advertising, specifically paid Facebook ads, to promote a malware campaign disguised as legitimate Microsoft promotions. They create near-exact replicas of the official Windows 11 download page to lure users into downloading malicious software. The deceptive domains used include ms-25h2-download[.]pro and ms-25h2-update[.]pro. The malware campaign employs geofencing to selectively target victims, redirecting security researchers to benign sites while delivering malware to unsuspecting users. The malicious file, named ms-update32.exe, is hosted on GitHub and mimics the size of a legitimate Windows installer. Once executed, it checks for monitoring tools and, if none are detected, installs an application named "Lunar" that collects sensitive data, including cryptocurrency wallet information. The malware maintains persistence by writing data to the Windows registry and employs various obfuscation techniques to evade detection. The attackers run parallel ad campaigns with different Facebook Pixel IDs to ensure continued operation even if one is suspended. Indicators of compromise include specific file hashes, domains, file system artifacts, and registry keys associated with the malware.