Injection

Tech Optimizer
July 7, 2025
The XWorm Remote Access Trojan (RAT) has evolved its attack strategies by incorporating advanced stagers and loaders to evade detection. It is known for its capabilities, including keylogging, remote desktop access, data exfiltration, and command execution, and it particularly targets the software supply chain and gaming sectors. Recent campaigns have paired XWorm with AsyncRAT for initial access before deploying ransomware built with the leaked LockBit Black builder. XWorm uses various file formats and scripting languages for payload delivery, often through phishing campaigns with deceptive lures such as invoices and shipping notifications. It employs obfuscation techniques, including Base64 encoding and AES encryption, and manipulates Windows security features to avoid detection. Persistence mechanisms such as registry run keys and scheduled tasks ensure sustained access. XWorm conducts system reconnaissance, queries for installed antivirus software, and attempts to disable Microsoft Defender. It can propagate via removable media and execute commands received from command-and-control servers. The Splunk Threat Research Team has developed detections for suspicious activities related to XWorm infections. Indicators of compromise include file hashes for the various scripts and loaders associated with XWorm.
AppWizard
July 5, 2025
Special K is a versatile utility for PC gaming that enhances gameplay across various titles. It features a frame rate limiter that improves consistency, surpassing Nvidia's built-in limiter in minimum frame rates during tests. Special K allows users to force games into borderless or exclusive fullscreen modes, enable Nvidia Reflex, adjust DLSS settings, and link input devices to specific applications. It also addresses HDR support issues by enabling HDR injection in games that lack native support, with extensive customization options for HDR settings. Originally developed to fix problems in PC ports like Fallout 4 and Batman: Arkham Knight, it has evolved to optimize a wide range of games, including Elden Ring, Monster Hunter: World, and Final Fantasy VII Remake. Special K has limitations with online games due to anti-cheat concerns but is highly applicable for single-player titles. The introduction of the SKIF GUI has made it more accessible for users.
Tech Optimizer
July 5, 2025
A security vulnerability identified as CVE-2025-1735 in the PHP pgsql extension has been disclosed, classified with moderate severity. It arises from inadequate error checking during input data escaping, specifically the failure to pass error parameters to the PQescapeStringConn() function and not verifying NULL values from PQescapeIdentifier(). This flaw affects PHP versions prior to 8.1.33, 8.2.29, 8.3.23, and 8.4.10, allowing potential SQL injection attacks and application crashes due to null pointer dereferences. The vulnerability is linked to a recent PostgreSQL vulnerability (CVE-2025-1094) related to invalid multibyte character handling. Developers are urged to upgrade to patched releases to mitigate risks.
Tech Optimizer
July 5, 2025
Critical security vulnerabilities in PHP, identified as CVE-2025-1735 and CVE-2025-6491, pose risks for SQL injection attacks and denial of service (DoS) conditions. These vulnerabilities affect PHP versions below 8.1.33, 8.2.29, 8.3.23, and 8.4.10. CVE-2025-1735 relates to the PostgreSQL extension, where insufficient error checking during string escaping can lead to SQL injection vulnerabilities and application crashes. This flaw is associated with PostgreSQL's CVE-2025-1094. CVE-2025-6491 affects the SOAP extension, causing segmentation faults when a SoapVar instance has a namespace prefix exceeding 2GB, which can lead to application termination. This issue is linked to limitations in libxml2 versions prior to 2.13. Patches are available for all affected PHP versions to mitigate these vulnerabilities. CVE-2025-1735 has a CVSS score of 9.1 (Critical), while CVE-2025-6491 has a CVSS score of 5.9 (Moderate).
AppWizard
June 22, 2025
A series of sophisticated cyberattacks using the ACR Stealer-based Amatera Stealer malware has been executed as part of ClearFake web injection campaigns between April and May. These campaigns use advanced techniques, including EtherHiding to obscure malicious activity by relying on smart contracts on the Binance Smart Chain, and ClickFix exploitation to manipulate user interactions into executing harmful scripts.
Winsage
June 20, 2025
Microsoft is enhancing its Windows 365 Cloud PCs with new security features starting in May 2025. All newly provisioned and reprovisioned Cloud PCs using a Windows 11 gallery image will have Virtualization-Based Security (VBS), Credential Guard, and Hypervisor-Protected Code Integrity (HVCI) enabled by default. VBS creates a secure environment to protect system processes, Credential Guard secures authentication credentials, and HVCI ensures only verified code runs at the kernel level. Additionally, beginning in the latter half of 2025, clipboard, drive, USB, and printer redirections will be disabled by default on newly provisioned and reprovisioned Cloud PCs to mitigate security risks, although IT administrators can re-enable these features if needed.
Winsage
June 8, 2025
Support for Windows 10 will officially conclude in October 2025, prompting users to seek alternative solutions for security and updates. Users with devices that do not meet Windows 11 requirements can install it on unsupported hardware using a tailored ISO and a tool called MicroWin. To create a personalized Windows 11 image, users must run a command in the Windows terminal to activate WinUtil, which allows downloading the latest official ISO from Microsoft. Users can customize their installation settings and generate a modified, lighter ISO. After creating the ISO, it can be transferred to a USB drive for installation. This method helps extend the lifespan of older PCs as users transition from Windows 10.
Tech Optimizer
June 5, 2025
UltraAV, an antivirus solution from Point Wild, has introduced significant enhancements to improve threat protection and user experience. Key updates include:
- Advanced AV Engine upgrades for faster scans and improved detection rates across versions 12.0, 12.3, 12.4, and 12.7.2.
- The ability to scan external USB devices and schedule recurring scans, introduced in version 12.8.
- Expanded privacy and identity protections for premium users, including identity theft monitoring and real-time fraud alerts.
- Seamless integration with Total Cleaner for premium subscribers, enhancing app reliability (versions 12.7 and 12.7.1).
- Self-protection features to safeguard UltraAV binaries from malware (version 12.8).
- URL filtering to block harmful URLs for Chrome users (version 12.4).
UltraAV is built on over 20 years of research and development, integrating real-time threat intelligence and AI-driven detection. Point Wild, the parent company, provides cybersecurity solutions to over 25 million users globally.