Injection Archives

AppWizard

February 10, 2026

Google Translate’s latest upgrade surprised everyone by turning into a chatbot

Google Translate’s new AI-powered Advanced mode can engage in conversation rather than just translating text due to "prompt injection," which causes the model to struggle with distinguishing between translation requests and instructions. Users have found that this mode, based on a Gemini-based large language model, can respond to inquiries rather than providing straightforward translations. The older Classic mode remains a reliable option for consistent translations without unexpected interactions.

Winsage

January 16, 2026

Easterly helms RSAC, Windows update problems, Police Copilot gaffe

Jen Easterly has been appointed as the new Chief Executive Officer of the RSA Conference. She is a cybersecurity expert and former Director of the Cybersecurity and Infrastructure Security Agency (CISA). Palo Alto Networks has released security updates for a vulnerability (CVE-2026-0227) with a CVSS score of 7.7 affecting its GlobalProtect Gateway and Portal, which can cause a denial-of-service condition in PAN-OS software. The January 2026 security update from Microsoft has caused connection and authentication failures in Azure Virtual Desktop and Windows 365, affecting users across various Windows versions. Microsoft is working on a resolution. The chief constable of West Midlands Police acknowledged an error by Microsoft’s Copilot AI in generating a fictional intelligence report. Microsoft has not confirmed Copilot's involvement. Britain’s National Cyber Security Centre (NCSC) has collaborated with Five Eyes partners to provide guidance on securing industrial operational technology, highlighting risks associated with remotely monitored systems. Kyowon, a South Korean conglomerate, confirmed a ransomware attack on January 10 that may have compromised customer information, affecting approximately 5.5 million members. Researchers at Varonis have identified a new attack technique called "Reprompt" that allows data exfiltration from Microsoft Copilot via a malicious link, exploiting a Parameter 2 Prompt (P2P) injection technique. Central Maine Healthcare is notifying over 145,000 patients about a data breach that compromised personal, treatment, and health insurance information, discovered on June 1.

Tech Optimizer

January 12, 2026

Trend Micro releases critical security fixes for Apex Central RCE

Trend Micro has addressed a security vulnerability in its Apex Central platform, identified as CVE-2025-69258, which allowed unauthenticated DLL injection and remote code execution. The company released Critical Patch Build 7190 to fix this vulnerability and two others, CVE-2025-69259 and CVE-2025-69260. Organizations are urged to implement the patch immediately, as temporary mitigations are deemed insufficient for long-term security. Apex Central is a self-hosted platform for managing Trend Micro's security products.

Winsage

January 7, 2026

Hackers Use Fake Windows BSOD To Spread Malware

Security researchers have identified a social engineering campaign that mimics the Windows Blue Screen of Death (BSOD) to deceive users into installing a remote access Trojan (RAT). The campaign, named PHALT#BLYX, begins with phishing emails that appear to be legitimate cancellation notices from travel websites, leading victims to a fake login page and an interactive CAPTCHA. This culminates in a full-screen imitation of the BSOD, prompting users to follow instructions that ultimately allow attackers to gain control of their computers. The attackers use a “ClickFix” process that involves executing commands through native Windows tools like PowerShell and MSBuild, making detection more challenging. The malware delivered is an obfuscated version of DCRat, which provides attackers with remote control capabilities, keylogging, and the ability to download additional malware. The campaign primarily targets hotels and hospitality businesses in Europe, exploiting the urgency of front-desk staff to respond to apparent technical issues. Indicators of a fake BSOD include the ability to interact with the screen, requests to execute commands via Windows tools, and the presence of CAPTCHA prompts. Organizations are advised to train employees, implement application control, enhance email and web defenses, and prepare for incident response to mitigate risks associated with such attacks.

Tech Optimizer

January 7, 2026

Fake error popups are spreading malware fast

A new cybercrime tool called ErrTraffic has emerged, simplifying malware dissemination through deceptive fake error messages that prompt users to address non-existent issues. The attacks begin on compromised websites, where users encounter distorted text and pop-ups suggesting a browser update or font installation. Clicking the provided button copies a command to the clipboard, instructing users to paste it into PowerShell, which triggers the malware infection. ErrTraffic automates this process, requiring minimal investment for attackers to access a control panel and scripted payload delivery. It operates via JavaScript injection, adapting to the user's operating system and browser to display tailored messages. This method effectively bypasses traditional malware defenses, achieving high conversion rates, with nearly 60% of users following through with the instructions. Infected devices may deploy infostealers or banking trojans, with the system designed to evade law enforcement by excluding certain regions. To mitigate risks, users should avoid copying commands from websites, trust built-in update notifications, use robust antivirus software, and regularly remove personal information from data broker sites.

Tech Optimizer

January 6, 2026

How to speed up mass data inserts in PostgreSQL when using Spring

A common task in enterprise systems involves loading large volumes of data into PostgreSQL, which can be slow if using a loop in Java that calls the save() method for each record. Initial tests show that a basic insert operation takes over 10 minutes. Hibernate retains every object in the session-level cache until the transaction concludes, leading to high memory consumption. Enabling batching with the jdbc.batch_size setting improves performance by about 23%, but high memory usage persists. Application-side caching of IDs is faster than database-side caching, achieving a 30% performance gain. Using saveAll() results in minimal improvement as it still calls save() in a loop. Enabling reWriteBatchedInserts in the JDBC driver allows for multi-row inserts, reducing operation time to 4 minutes and 37 seconds. Clearing the session-level cache with EntityManager further optimizes memory usage, resulting in an 18-second time gain. Setting order_inserts=true enhances batching efficiency. With all optimizations, insertion time is reduced to 4 minutes and 19 seconds. A custom data insertion layer can be created to generate INSERT statements, with reflection being a straightforward but not optimal method. Prepared statements improve performance and security, with an efficient batch size of 5,000 records. PostgreSQL's COPY command facilitates faster bulk data transfers than multi-row inserts. Integrating COPY with Spring transactions enhances performance, and parallelizing the insertion process with a ThreadPoolExecutor significantly improves speed and memory usage.

Winsage

December 24, 2025

Windows 11 driver hack boosts NVMe SSD performance by up to 85%

Windows 11 has recently begun to unlock the full potential of NVMe SSDs through registry modifications that enable a pseudo driver injection, resulting in nearly double the random write performance in certain scenarios. A native NVMe driver was rolled out in a recent update to Windows Server 2025, but it is not enabled by default in consumer versions of Windows 11. Users can activate it through specific registry edits. Testing by users revealed significant enhancements in random read and write performance after implementing these changes, with one user noting an 85% improvement in random write speeds. However, caution is advised when making registry edits, as some users have experienced loss of access to their file systems, which was recoverable by reverting the changes. There is no official timeline for when Microsoft will make the native NVMe driver available for Windows 11.

Winsage

December 18, 2025

China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware

A newly identified cyber threat cluster called LongNosedGoblin has been linked to cyber espionage attacks targeting governmental entities in Southeast Asia and Japan, with activities traced back to at least September 2023. The group uses Group Policy to spread malware and employs cloud services like Microsoft OneDrive and Google Drive for command and control. Key tools include NosyHistorian, NosyDoor, NosyStealer, NosyDownloader, and NosyLogger, which perform functions such as collecting browser history, executing commands, and logging keystrokes. ESET first detected LongNosedGoblin's activities in February 2024, identifying malware on a governmental system. The attacks showed a targeted approach, with specific tools affecting select victims. Additionally, a variant of NosyDoor was found targeting an organization in an EU country, indicating a possible connection to other China-aligned threat groups.

Winsage

December 18, 2025

Microsoft Eases Windows 11 Smart App Control with Toggle Option

Microsoft's Smart App Control feature in Windows 11 is designed to evaluate and block potentially harmful applications by cross-referencing them against a database of known safe software. Initially, it required a clean installation to enable or disable, which hindered its adoption. Recent updates have removed this requirement, allowing users to toggle the feature on or off directly through the Windows Security app without a system reset. This change addresses user complaints and enhances usability, particularly for developers and IT professionals managing multiple devices. The feature employs artificial intelligence for real-time decisions on app safety and integrates with other Microsoft security tools. Feedback from the tech community has been positive, highlighting the update as a significant improvement in balancing security and user flexibility.

AppWizard

December 17, 2025

Cellik Android malware builds malicious versions from Google Play apps

A new Android malware-as-a-service (MaaS) called Cellik has appeared on underground cybercrime forums, offering capabilities for a subscription fee of 0 per month or a one-time payment of ,000 for lifetime access. This malware can be embedded into any app on the Google Play Store, creating trojanized versions of popular applications while maintaining the original app's interface. Cellik includes features such as real-time screen capture, interception of app notifications, filesystem access, data wiping, and secure communication with a command-and-control server. It also has a hidden browser mode that allows attackers to use the victim's stored cookies and an app injection system for overlaying fake login screens. The malware can inject payloads into installed apps, complicating detection. Cellik is designed to bypass Google Play security features, raising concerns about the effectiveness of automated reviews and device-level scanners.