intrusions Archives

AppWizard

June 5, 2026

“2,000 to 3,000 new hits every single day”: Dangerous malware “WeedHack” hides in Minecraft mods, gives attackers webcam access, Steam and Discord passwords, and more

Minecraft's modding community is facing a threat from a malware called WeedHack, identified by McAfee researchers. This malware is part of a Malware-as-a-Service campaign that has been active since January and is notably affordable compared to other hacking tools. WeedHack targets systems that mod Minecraft and can compromise Discord accounts, browsers, and cryptocurrency wallets. To reduce risks, users are advised to download mods only from reputable sources like CurseForge and Modrinth, and to invest in strong security software, such as McAfee, which offers features to protect against such threats.

Tech Optimizer

June 4, 2026

How We Test Antivirus and Security Software

Most software applications clearly indicate their functionality, but the effectiveness of antivirus utilities is often less tangible. PCMag rigorously evaluates antivirus products through comprehensive tests that validate their claims, including real-world malware samples and various protective measures. Each antivirus tool is assessed based on its on-demand scanner and real-time monitor capabilities. PCMag compiles fresh malware samples annually, analyzing them to ensure they are suitable for testing. The testing process includes evaluating malware-blocking capabilities and web-level protection against known malware-hosting sites. Phishing site detection is also tested using recent URLs, and antispam testing has been simplified due to the effectiveness of email providers. Performance impact tests have been discontinued as modern security suites show improved efficiency. Firewall protection is evaluated through program control, exploit defenses, and overall resilience against malware. Parental control features are tested for effectiveness in content filtering and monitoring. Ransomware protection is assessed by releasing real-world samples in a controlled environment. PCMag monitors independent antivirus lab tests from various organizations, including AV-Test, AV-Comparatives, SE Labs, MRG-Effitas, and AVLab, to inform their reviews. An aggregate testing score is calculated to summarize lab results. Testing methodologies do not include VPN evaluations, which are covered separately.

AppWizard

May 29, 2026

Camera events in Google Home can be your next automation in this late May patch

Google has released a late May update for Gemini for Home and its Home app, introducing a "visual insights" feature that allows connected cameras to automate responses based on detected events. The update includes refined media controls, improved speed for common commands, and the ability to execute multiple tasks from a single command. Apple Music support has been reinstated, and Bluetooth pairing has been simplified. The user interface for the Familiar Faces feature has been refreshed, and smart home widgets have improved responsiveness. Google has also expanded Gemini for Home to carriers and hardware manufacturers, enabling easier integration of its features into devices. Additionally, a Home Premium plan is being introduced to Internet Service Providers, carriers, and security companies.

Winsage

May 26, 2026

Tame Windows 11 with Winhance + Group Policy as your preventive Affirmative Defense against undesired advertising, bloat and espionage by Allan Tépper

Users of Windows 11 face issues with unwanted advertising, bloatware, and privacy concerns. To combat these, a combination of Group Policy and Winhance is recommended. Group Policy can be used to preemptively instruct Windows to ignore specific undesired elements, while Winhance addresses issues that may re-emerge after updates. Group Policy is referred to as "Directivas de grupo local" in Castilian. Before implementing policies, Windows should be fully updated. Two essential policies to enhance control include removing default Microsoft Store packages and opting out of sending diagnostic data to Microsoft. Group Policies can be saved and shared if the target computer matches the original system's version and update status. Winhance is a tool that monitors and manages unwanted applications, offers customization options, and provides a list of third-party apps for replacing built-in applications.

Winsage

May 21, 2026

Microsoft Defender Zero-Day Vulnerabilities RedSun and UnDefend Actively Exploited on Windows 10, 11, and Server (April 2026 CVE Analysis)

In April 2026, two zero-day vulnerabilities, RedSun and UnDefend, were discovered in Microsoft Defender, affecting Windows 10, Windows 11, and Windows Server platforms. These vulnerabilities allow attackers to escalate privileges to SYSTEM and bypass Defender’s protections. RedSun exploits a flaw in Defender's remediation process, enabling low-privileged users to overwrite critical system files. UnDefend allows attackers to disrupt Defender’s updates, keeping it outdated and ineffective. Both vulnerabilities are actively being exploited, with attackers leveraging them to gain persistent access and deploy ransomware. The primary targets are organizations using Windows systems with Defender enabled, particularly in sectors like finance, healthcare, and government. Mitigation strategies include applying updates for related vulnerabilities, monitoring for suspicious activities, and implementing additional security measures.

Winsage

May 11, 2026

New GhostLock tool abuses Windows API to block file access

A security researcher has developed a proof-of-concept tool called GhostLock, which exploits a vulnerability in the Windows file API, specifically the 'CreateFileW' function. By manipulating the 'dwShareMode' parameter to grant exclusive access to files, GhostLock can prevent other users or applications from opening those files, resulting in a 'STATUSSHARINGVIOLATION' error. The tool automates the process of opening multiple files on SMB shares, causing access disruptions without requiring elevated privileges. This technique is intended as a disruption attack rather than a destructive one, similar to ransomware, and can serve as a diversion during intrusions. Detection of this attack relies on monitoring the open-file count with ShareAccess set to 0 at the file server layer. Dvash has provided resources for IT teams to enhance detection capabilities against this threat.

AppWizard

April 27, 2026

RIP Signal: Russians kill trust in many EU diplomats’ beloved messaging app

Signal is experiencing a crisis of trust due to security breaches, including successful infiltrations by Russian hackers in Germany and the Netherlands. Senior EU officials have disbanded a Signal group due to hacking fears. Accessing Signal chat content on the dark web can cost between ,000 to ,000, while WhatsApp data is cheaper, ranging from ,000 to ,000. Personal information, such as travel histories, can be bought for 0 to 0, especially for individuals who have traveled to countries known for data leaks. Investigations revealed that Russian diplomats' medical records, banking information, and dating site usernames are available on the black market. Location tracking can be precise when certain applications are downloaded. A Kazakh refugee in Brussels faced high-definition surveillance, and local laws challenge private detectives' effectiveness. State actors have used Israeli spyware like Pegasus to target journalists and adversaries. The prospect of secure communication is diminishing, with online exchanges increasingly seen as vulnerable.

Tech Optimizer

April 21, 2026

Even trusted apps can infect your PC with malware now

Recent supply-chain attacks are increasingly targeting well-known software such as CCleaner, Steam games, and Notepad++, allowing hackers to distribute malware through legitimate updates. The introduction of artificial intelligence has accelerated the frequency and sophistication of these attacks, with hackers compromising developers or exploiting third-party tools to inject malicious code. Notepad++ was specifically affected by a supply-chain attack where a compromised third-party tool led to the distribution of tainted software. Attackers use various strategies, including hacking developers' credentials, purchasing access, or compromising tools relied upon by developers. Antivirus software is crucial for protecting users from malware, even from trusted sources, as modern solutions have minimal impact on system performance.

Tech Optimizer

April 6, 2026

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Cybersecurity researchers have discovered 36 malicious packages in the npm registry that impersonate Strapi CMS plugins. These packages exploit Redis and PostgreSQL, deploy reverse shells, harvest credentials, and establish persistent implants. Each package consists of three files—package.json, index.js, and postinstall.js—without descriptions or repositories, and all use version 3.6.8 to mimic legitimate Strapi plugins. The malicious packages follow a naming convention starting with "strapi-plugin-" and were uploaded by four accounts within 13 hours. The identified packages include names like strapi-plugin-cron, strapi-plugin-database, and strapi-plugin-server. The malicious code is embedded in the postinstall script, executing automatically upon installation with the same privileges as the user. The payloads evolve from exploiting Redis for remote code execution to attempting direct PostgreSQL database exploitation and deploying persistent implants for remote access. The campaign appears to target cryptocurrency platforms, as indicated by the focus on credential theft and digital assets. Users of these packages are advised to assume compromise and rotate credentials. This incident reflects a broader trend of supply chain attacks in the open-source ecosystem, with recent examples including credential exfiltration payloads in GitHub repositories and compromised GitHub Actions workflows. Group-IB reported that software supply chain attacks are increasingly reshaping the cyber threat landscape, targeting trusted vendors and open-source software to gain access to downstream organizations.

AppWizard

March 25, 2026

This hidden Android feature will help stop phone snoops in their tracks

Many individuals experience their personal space being invaded when friends or family members explore their smartphones. To safeguard against this, the Privacy Display feature on the Galaxy S26 Ultra can be used, along with a lesser-known Android feature that enhances privacy. When sharing a phone, the app pinning feature can lock a specific application in place, preventing unauthorized navigation and maintaining control over what is displayed on the screen. This tool helps ensure privacy while allowing for shared experiences.