investigation

Winsage
April 28, 2026
A new vulnerability in Microsoft Windows, designated as CVE-2026-32202, has been discovered due to an incomplete security patch for a previous flaw (CVE-2026-21510). This new vulnerability allows attackers to execute zero-click attacks by processing specially crafted shortcut files, enabling automatic authentication requests without user interaction. The vulnerabilities are linked to another flaw (CVE-2026-21513) in Microsoft’s MSHTML framework, and cybercriminals, specifically the APT28 group, have exploited these issues in attacks against Ukraine and the European Union. Microsoft has released a fix for the new vulnerability in its April 2026 security updates.
AppWizard
April 28, 2026
The European Commission has proposed measures to encourage Google to allow greater access for rival AI services on its Android operating system, aiming to enhance user choice and flexibility. These proposals are part of the EU's Digital Markets Act (DMA), which seeks to promote competition among major tech companies. Google has criticized the measures, expressing concerns about potential increased costs and risks to user privacy and security. The EU is evaluating compliance with these measures, which could lead to further scrutiny if Google does not comply. Violations of the DMA can result in fines up to 10 percent of a company's global turnover. Google is currently facing multiple inquiries under the DMA and has recently been fined 2.95 billion euros in a separate EU competition case.
AppWizard
April 27, 2026
Signal is experiencing a crisis of trust due to security breaches, including successful infiltrations by Russian hackers in Germany and the Netherlands. Senior EU officials have disbanded a Signal group due to hacking fears. Accessing Signal chat content on the dark web can cost between ,000 to ,000, while WhatsApp data is cheaper, ranging from ,000 to ,000. Personal information, such as travel histories, can be bought for 0 to 0, especially for individuals who have traveled to countries known for data leaks. Investigations revealed that Russian diplomats' medical records, banking information, and dating site usernames are available on the black market. Location tracking can be precise when certain applications are downloaded. A Kazakh refugee in Brussels faced high-definition surveillance, and local laws challenge private detectives' effectiveness. State actors have used Israeli spyware like Pegasus to target journalists and adversaries. The prospect of secure communication is diminishing, with online exchanges increasingly seen as vulnerable.
AppWizard
April 25, 2026
Esoteric Ebb features an innovative approach to failure and save scumming, allowing players to reroll failed checks using an in-game resource called Shards of Jor, enhancing gameplay and storytelling. Designer Christoffer Bodegård emphasizes player agency and enjoyment, stating that players can choose how to engage with the game, including the option to save scum. He provides examples of encounters where players can retry difficult checks and assures them that initial failures are acceptable, as challenges will become easier over time. Bodegård aims to create a structured experience that accommodates various play styles while maintaining an illusion of agency within the narrative.
Winsage
April 23, 2026
Microsoft has acknowledged an issue with its Edge browser affecting users trying to join Teams meetings, documented under incident report TM1288497. A restart of the Teams client may serve as a temporary workaround. Microsoft is analyzing diagnostic data and monitoring service changes to address the problem. This issue follows a previous bug where an Edge update disrupted the right-click paste functionality in Teams, with a fix scheduled for the next platform update. Additionally, Microsoft reverted a service update that prevented some users from launching the Teams desktop client. Ongoing challenges related to Universal Print sharing have also emerged due to changes in the Microsoft Graph API code.
Winsage
April 23, 2026
The Competition Appeal Tribunal (CAT) has approved a £2 billion class action against Microsoft, aimed at compensating approximately 59,000 businesses using the Windows Server operating system in non-Microsoft public clouds. The collective action, led by Maria Luisa Stasi, alleges that Microsoft has overcharged UK entities for Windows Server on competing cloud services. The tribunal dismissed Microsoft's objections and granted a Collective Proceedings Order on an opt-out basis. The class action addresses two main issues: pricing abuse related to the Microsoft Service Provider License Agreement (SPLA) and re-licensing abuse concerning the deployment of Windows Server on Azure versus other cloud providers. The UK Competition and Markets Authority is also investigating Microsoft's software licensing practices within the cloud market. James Hain-Cole from law firm Scott+Scott expressed satisfaction with the tribunal's decision, emphasizing its significance for securing compensation for affected businesses.
Winsage
April 22, 2026
Microsoft is facing a £2 billion lawsuit in the UK, led by competition lawyer Maria Luisa Stasi, representing nearly 60,000 businesses that claim the company imposes excessive charges for using Windows Server on competing cloud platforms. The allegations focus on higher licensing fees for organizations using services like Amazon Web Services, Google Cloud Platform, and Alibaba Cloud compared to those using Microsoft’s Azure. The lawsuit has been allowed to proceed on an opt-out basis by the Tribunal. Microsoft plans to appeal the decision and asserts that its business model promotes competition. The case is part of broader scrutiny of Microsoft's licensing practices, with investigations also initiated by the UK Competition and Markets Authority and the European Commission, as well as inquiries in Brazil, Switzerland, the United States, and Japan.
Tech Optimizer
April 22, 2026
A newly identified remote access trojan, STX RAT, emerged in 2026, integrating hidden remote desktop access with credential theft features. The name "STX" comes from the Start of Text magic byte \x02, which it appends to communications with its command-and-control (C2) server. Initial sightings were reported in late February 2026, when it was delivered via a browser-downloaded VBScript file to a financial organization. By early March, Malwarebytes noted a campaign distributing STX RAT through compromised FileZilla installers. Researchers from eSentire’s Threat Response Unit analyzed the malware, which includes extensive anti-analysis measures and employs techniques like AMSI-ghosting. Once operational, STX RAT connects to a C2 server at 95.216.51.236, transmitting system information securely. It targets saved credentials from applications like FileZilla and includes a Hidden Virtual Network Computing (HVNC) module, allowing attackers to control a victim's machine without detection. Security teams are advised to block the C2 IP and implement detection rules to mitigate the threat.