installers Archives

Winsage

May 1, 2026

Windows 11 KB5083631: Faster File Explorer And New Format Support

Microsoft has released the optional KB5083631 update for Windows 11 (Builds 26200.8328 and 26100.8328, version 24H2). Key features include a new Xbox Mode and an improved File Explorer experience, enhancing speed and stability. The update expands native file handling capabilities, allowing users to open and extract formats like .nupkg, .xar, .uu, and .cpio without third-party software. It integrates elements from Project K2 for optimization and improves the reliability of the explorer.exe process. Interface refinements include retaining the “Extra Large Icons” setting in the Downloads folder, fixing a “white flash” glitch in Dark Mode, and maintaining folder viewing preferences. The update package is about 5.1 GB for x64 systems and 4.6 GB for ARM architectures, with no major known issues reported. It can be accessed via Windows Update or offline installers, and these enhancements will be included in the mandatory May 2026 Patch Tuesday release.

AppWizard

April 30, 2026

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

A Brazilian cybercriminal group known as LofyGang has re-emerged after three years, targeting Minecraft players with malware called LofyStealer, also known as GrabBot. This malware is disguised as a Minecraft hack named 'Slinky' and uses the official game icon to attract young users. The group has been active since late 2021 and previously leaked thousands of Minecraft accounts. The attack begins with the 'Slinky' hack, which deploys LofyStealer (identified as "chromelevator.exe") to harvest sensitive information from web browsers, including cookies, passwords, and credit card information, sending this data to a command-and-control server. ZenoX reports a shift in LofyGang's tactics from JavaScript supply chain attacks to a malware-as-a-service model, offering both free and premium tiers. Cybercriminals are increasingly exploiting trusted platforms like GitHub to distribute malware through bogus repositories and various deceptive tactics, including fake security alerts and counterfeit accounts. This trend highlights a strategy focused on volume targeting rather than precision, prompting cybersecurity experts to prioritize threats from GitHub-hosted downloads that appear legitimate.

Tech Optimizer

April 22, 2026

New STX RAT Uses Hidden Remote Desktop and Infostealer Features to Evade Detection

A newly identified remote access trojan, STX RAT, emerged in 2026, integrating hidden remote desktop access with credential theft features. The name "STX" comes from the Start of Text magic byte x02, which it appends to communications with its command-and-control (C2) server. Initial sightings were reported in late February 2026, when it was delivered via a browser-downloaded VBScript file to a financial organization. By early March, Malwarebytes noted a campaign distributing STX RAT through compromised FileZilla installers. Researchers from eSentire’s Threat Response Unit analyzed the malware, which includes extensive anti-analysis measures and employs techniques like AMSI-ghosting. Once operational, STX RAT connects to a C2 server at 95.216.51.236, transmitting system information securely. It targets saved credentials from applications like FileZilla and includes a Hidden Virtual Network Computing (HVNC) module, allowing attackers to control a victim's machine without detection. Security teams are advised to block the C2 IP and implement detection rules to mitigate the threat.

AppWizard

April 22, 2026

PC Gamers Have Until April 28 to Claim 2022 Folk Horror Game for Free and Keep It Forever

A first-person folk horror game from 2022 is currently available for free on GOG until April 28. The GOG Galaxy launcher is optional, and the game is provided as a DRM-free download, allowing offline play.

Tech Optimizer

April 21, 2026

Safeguarding Against the Personal Attack Chain in the Age of “Always On” Connectivity

The cybersecurity industry has focused on protecting corporate perimeters, but cybercriminals are increasingly targeting executives and their families, exploiting personal vulnerabilities. Executives are twelve times more likely to be targeted than average employees, with over half experiencing personal breaches. The Personal Attack Chain is a multi-stage process where attackers exploit an executive's personal digital footprint to gain access to corporate resources. The stages include reconnaissance, intrusion, lateral movement, and action on objectives. Reactive security measures are insufficient; proactive intelligence is necessary to identify threats before they reach organizations. Home security is often compromised by vendors, and travel increases vulnerability. Digital Executive Protection (DEP) is becoming essential for safeguarding executives and their families, balancing privacy, convenience, and security. Effective strategies include minimizing digital footprints, safeguarding devices and networks, providing identity theft protection, and educating executives on online safety. Personal cybersecurity is now a corporate imperative, requiring a holistic approach to protect individuals and organizations alike.

Winsage

April 16, 2026

Fake Proton VPN sites are pushing NWHStealer malware to Windows users

A malware campaign is utilizing counterfeit Proton VPN websites and other deceptive tactics to distribute a Windows infostealer known as NWHStealer. This malware extracts sensitive information, including browser credentials and cryptocurrency wallet details, and operates stealthily by injecting itself into legitimate processes. Two primary infection vectors have been identified: malicious ZIP archives on a free web hosting platform and trojanized installers from fake Proton VPN sites. The malware employs DLL hijacking and can exfiltrate data to a command-and-control server while ensuring persistence through scheduled tasks and disguising payloads as legitimate system processes. It also exploits the Windows cmstp.exe utility to bypass User Account Control. Users are advised to avoid downloading software from unofficial sources and to verify file signatures and publisher information.

Tech Optimizer

April 16, 2026

Trend Micro Security Suite Pro Plus Review 2026: Is It The Best Protection?

The review of Trend Micro Security Suite Pro Plus highlights its features, pricing, and performance. The subscription costs A.95 for a 12-month period and includes multi-device antivirus protection, anti-scam software, a VPN, and identity theft protection. The pricing structure for other plans ranges from A.95 for Maximum Security to A9.95 for Security Suite Ultimate. Key features include AI-scam detection, gamer mode, and Folder Shield for ransomware protection. The installation process requires separate logins for each component, which is seen as outdated. The user interface is functional but minimalistic, and compatibility extends to Windows, MacOS, iOS, and Android. The VPN is developed in-house, and phishing protection is provided through a browser extension. Lab tests show mixed results, with Trend Micro performing well in real-time web threat protection but lagging in offline malware detection. Overall, it is considered a competitively priced option for online security.

Winsage

April 14, 2026

Windows 11 KB5083769 out with improved /scannow, direct download links for offline installers (.msu)

Windows 11 has started rolling out update KB5083769, which introduces the ability to disable Smart App Control and provides offline installers for direct download. The update will automatically download and install unless users have paused updates for up to five weeks. Upon installation, Windows 11 25H2 will advance to Build 26200.8246, while version 24H2 will progress to Build 26100.8246. Users can check their update status in Settings > System > About. The update includes several .NET Framework security updates (KB5082417, KB5086097, KB5086096). The size of the April 2026 Update is approximately 5.1GB for x64 systems and under 4.5GB for arm64. New features include the ability to toggle Smart App Control, enhanced integration of Microsoft 365 in Windows Settings, modernized dialogs in Settings, and improvements to the sfc /scannow feature for accurate status reports.

Tech Optimizer

April 10, 2026

Popular Monitor Utilities, CPU-Z And HWMonitor, Have Been Infected With Malware

Recent reports indicate that the hardware monitoring tools HWMonitor and CPU-Z have been compromised, leading to users downloading malware instead of the legitimate software. Users reported receiving suspicious executable files and antivirus alerts when attempting to download the latest versions. A specific incident involved a user who downloaded HWMonitor from the official CPUID website, only to find the file was labeled incorrectly and flagged as a virus by Windows Defender. Cybersecurity experts confirmed that this is a serious issue involving a multi-stage trojanized attack from a compromised domain. The developer of CPU-Z and HWMonitor acknowledged that a secondary feature linked to the website was compromised for about six hours, causing the main website to display incorrect files. Users are advised to refrain from downloading or updating these utilities until the issue is resolved.

Winsage

April 1, 2026

WhatsApp on Windows users targeted in new campaign, warns Microsoft

Microsoft researchers have identified a campaign that exploits WhatsApp attachments to infiltrate Windows machines, allowing attackers remote control. The attack uses social engineering tactics, where users receive a seemingly benign .vbs (Visual Basic Script) file that can be executed on Windows. This method does not rely on software vulnerabilities but on persuading victims to execute the malicious file. Attackers manipulate built-in Windows tools to download further malware, employing a technique known as living off the land (LOTL) to avoid detection. The malware seeks to elevate its privileges to administrator status, modifying User Account Control (UAC) prompts and registry settings for persistence. An unsigned MSI (Microsoft Installer) is deployed to establish remote-access software, granting continuous access to the compromised machine.