investigation

Winsage
May 22, 2026
Microsoft's Digital Crimes Unit has filed a lawsuit against Fox Tempest, a criminal enterprise selling fraudulently signed malware to ransomware groups, affecting hospitals, schools, and critical infrastructure in ten countries. The lawsuit was filed on May 19 in the U.S. District Court for the Southern District of New York. Fox Tempest created a portal at signspace[.]cloud, offering a user-friendly interface for uploading malicious files and generating over 580 fraudulent Microsoft accounts to bypass identity verification. The group provided pre-configured virtual machines for customers to upload malicious payloads in exchange for signed binaries. Fox Tempest's operations were linked to a ransomware attack chain involving a counterfeit Microsoft Teams installer that deployed the Rhysida ransomware. This ransomware strain has caused significant breaches, including an October 2023 attack on the British Library, which resulted in a data exfiltration of about 600 GB and recovery costs of £6 to £7 million, and a September 2024 attack on Seattle-Tacoma International Airport with a ransom demand of .8 million. Microsoft's civil litigation approach allowed for a quicker legal process, leading to the seizure of the signspace[.]cloud domain and the suspension of around 1,000 Fox Tempest accounts. Despite these actions, Fox Tempest has begun shifting to alternative code-signing services, highlighting the evolving nature of cybercrime and the need for users to verify software through independent channels. The confirmed targets of Fox Tempest included organizations in the United States, France, India, China, Brazil, Germany, Japan, the United Kingdom, Italy, and Spain.
AppWizard
May 22, 2026
An 81-year-old Arizona grandmother, Sue Jacquot, known as “GrammaCrackers,” was involved in a swatting incident during a Minecraft fundraiser for her grandson's cancer treatment. Jacquot streamed her gameplay for 15 days to raise funds for her grandson, Jack Self, who has sarcoma cancer, garnering significant community support. On a recent Monday, police responded to a false report claiming Jacquot had been shot, leading to a tactical response from law enforcement. The malicious call falsely alleged that Jack had harmed his grandmother and threatened to take his own life. Despite the incident, Jacquot remains committed to her gaming and fundraising efforts. Police are investigating the swatting call.
Winsage
May 19, 2026
Microsoft is launching the Driver Quality Initiative (DQI) to improve the quality of Windows 11 drivers, which are crucial for the operating system's performance. The initiative includes four pillars: encouraging the use of safer user-mode drivers, implementing rigorous partner verification processes, enhancing the Windows Update catalog, and focusing on stability and performance. Microsoft plans to collaborate with partners like AMD and Intel to achieve these goals. AMD's Director of Software Engineering emphasized that driver quality is a shared commitment. Additionally, Microsoft aims to enhance Windows 11 by reintroducing features like a movable taskbar and improving performance for lower memory devices, with gradual improvements expected in the coming months.
AppWizard
May 18, 2026
Black Omens: House of Crimson Silk is a horror game set in fictional Edo-era Japan, where players assume the role of Idate Chiyo, a junior investigator in the Tokugawa Shogunate’s Magical Arcane Division. The game features the Hon'iden Mansion, an abandoned estate rumored to be haunted, and involves solving escape room-style puzzles while using supernatural abilities to interact with the paranormal. A free demo is available for download on Steam and itch.io, and early player feedback highlights its atmospheric qualities. The game revolves around uncovering the mystery of a vanished merchant family, but a definitive launch date for the full version has not been announced.
Winsage
May 14, 2026
Dell users on Windows 11 are experiencing frequent blue screens and reboot loops after updating the Dell SupportAssist Remediation software to version 5.5.16.0, released on April 30. This issue particularly affects models like the XPS 15 9530, with crashes occurring approximately every thirty minutes and a common error message being "CRITICAL_PROCESS_DIED." The problem has been traced to DellSupportAssistRemediationService.exe, which is pre-installed on many Dell systems and designed to manage diagnostics, driver updates, and recovery tools. Users are advised to uninstall or disable the software to restore normal functionality. Dell has acknowledged the issue and is working on a resolution. Temporary workarounds include disabling the service via Command Prompt or fully uninstalling the SupportAssist components through the Settings app. However, uninstalling may result in the loss of system repair points created by the service.
Tech Optimizer
May 13, 2026
Every device connected to a corporate network, including laptops, desktops, servers, and mobile phones, can be a potential gateway for cyberattacks. AI-powered Endpoint Detection and Response (EDR) solutions are essential in modern cybersecurity strategies, utilizing behavioral analysis, real-time monitoring, and machine learning to detect, investigate, and respond to advanced threats. Traditional antivirus software, which relies on known malicious signatures, is becoming ineffective against modern attackers who use fileless attacks and custom-built malware. EDR continuously monitors endpoint activity, capturing behavioral data to identify anomalies consistent with attacks. It provides forensic capabilities to help security teams understand how breaches occur. EDR is a critical component of a multi-layered security architecture, complementing other security measures like firewalls and patch management. When choosing an EDR solution, organizations should consider real-time detection, automated response capabilities, integration with existing security tools, and ease of investigation.
Winsage
May 13, 2026
A cybersecurity researcher known as Chaotic Eclipse has released proof-of-concept exploits for two unpatched vulnerabilities in Microsoft Windows: YellowKey, a BitLocker bypass, and GreenPlasma, a privilege-escalation flaw. The YellowKey vulnerability affects Windows 11 and Windows Server 2022/2025, allowing unauthorized access to BitLocker-protected volumes by exploiting the Windows Recovery Environment. The exploit can be executed using specially crafted 'FsTx' files on a USB drive or directly on the EFI partition. Independent researcher Kevin Beaumont has validated the exploit, which can bypass BitLocker protections even in a Trusted Platform Module (TPM) environment. The GreenPlasma vulnerability allows unprivileged users to create arbitrary memory-section objects, potentially leading to privilege escalation. Chaotic Eclipse has expressed dissatisfaction with Microsoft's handling of bug reports, prompting the public disclosure of these vulnerabilities. Microsoft has stated its commitment to investigating security issues and updating affected devices.
Tech Optimizer
May 13, 2026
AV-Comparatives conducted the 2026 EDR Detection Validation Test, certifying nine enterprise solutions for their detection capabilities. The certified products include Bitdefender GravityZone Business Security Enterprise, ESET PROTECT Elite, Fortinet FortiEDR, G DATA 365 | MXDR, Genian Insight E, Kaspersky EDR Expert (on-premises), ManageEngine Endpoint Central with EDR, Palo Alto Networks Cortex XDR Pro, and Sangfor Athena AI-Native EPP. The evaluation focused on the effectiveness, consistency, and usability of detection capabilities, providing a clear overview of each product's performance in a realistic 14-stage Advanced Persistent Threat scenario. The assessment ensured that results were not influenced by prevention mechanisms and highlighted the role of AI in improving detection result readability and SOC efficiency.