AppWizard
June 18, 2026
On June 13, 2026, the National Students Union of India (NSUI) held a protest in Hyderabad against alleged exam paper leaks related to the National Eligibility-cum-Entrance Test (NEET). The Indian government temporarily blocked access to the messaging platform Telegram to combat exam fraud, with the National Testing Agency (NTA) announcing the ban will last until June 22 and disabling the message editing feature until June 30. The NEET-UG exam was canceled on May 12, affecting approximately 2.2 million students, following allegations of a paper leak. Telegram channels were found soliciting payments for leaked exam papers, while the NTA denied any papers were available outside secured channels. Political ramifications included calls from opposition leader Rahul Gandhi for the resignation of Education Minister Dharmendra Pradhan. The Cockroach Janta Party organized protests nationwide demanding accountability for the examination discrepancies.
Tech Optimizer
June 6, 2026
Researchers have identified a new malware called JS.MonoGlyphRAT, which disguises itself as business documents to infiltrate corporate networks. It is primarily spread through phishing emails targeting various sectors in the U.S. and has been reported in countries like Germany, Sweden, and Australia. The malware is classified as "Unknown malware" on threat intelligence platforms, making traditional antivirus solutions ineffective. It establishes a persistent presence in the network by executing a JavaScript file and communicating with command-and-control (C2) servers over HTTP. Key indicators of compromise include unusual HTTP traffic, registry changes, and the execution of specific JavaScript files. The malware can download additional payloads and execute commands without leaving traces on disk. Indicators of compromise include specific IP addresses, URLs, file hashes, and registry keys associated with the malware's operation.
AppWizard
May 27, 2026
Google is enhancing the security of its Play Store by removing high-risk and low-quality applications and will soon notify users when an app has been deleted from the Play Store. This notification will inform users that the app will no longer receive updates, which is crucial for security as unpatched apps can be exploited. Currently, users only receive alerts about significant security threats, but the new feature aims to improve user awareness regarding app removals. The change comes amid rising cyber threats, with a recent report indicating that vulnerability exploitation is a major risk. Previously, users were not notified about app removals, leaving them unaware unless they found out through other means.
AppWizard
May 27, 2026
Google has implemented a new feature in its Play Store that notifies users when an app has been removed from the marketplace. This update informs users that the app will no longer receive updates, including security fixes, which could leave them vulnerable. The notification will detail each deleted app and its removal from Google Play. There is uncertainty about whether the update will allow users to delete these apps directly. This initiative responds to a shift in the threat landscape, where exploiting vulnerabilities has become the primary method of breaching devices, surpassing stolen credentials. Recent reports highlighted the necessity for user notifications, citing a new ad fraud campaign involving 453 apps that were installed 24 million times before removal. Previously, users had no formal notification system for app removals.
Winsage
May 22, 2026
Microsoft's Digital Crimes Unit has filed a lawsuit against Fox Tempest, a criminal enterprise selling fraudulently signed malware to ransomware groups, affecting hospitals, schools, and critical infrastructure in ten countries. The lawsuit was filed on May 19 in the U.S. District Court for the Southern District of New York. Fox Tempest created a portal at signspace[.]cloud, offering a user-friendly interface for uploading malicious files and generating over 580 fraudulent Microsoft accounts to bypass identity verification. The group provided pre-configured virtual machines for customers to upload malicious payloads in exchange for signed binaries. Fox Tempest's operations were linked to a ransomware attack chain involving a counterfeit Microsoft Teams installer that deployed the Rhysida ransomware. This ransomware strain has caused significant breaches, including an October 2023 attack on the British Library, which resulted in a data exfiltration of about 600 GB and recovery costs of £6 to £7 million, and a September 2024 attack on Seattle-Tacoma International Airport with a ransom demand of .8 million. Microsoft's civil litigation approach allowed for a quicker legal process, leading to the seizure of the signspace[.]cloud domain and the suspension of around 1,000 Fox Tempest accounts. Despite these actions, Fox Tempest has begun shifting to alternative code-signing services, highlighting the evolving nature of cybercrime and the need for users to verify software through independent channels. The confirmed targets of Fox Tempest included organizations in the United States, France, India, China, Brazil, Germany, Japan, the United Kingdom, Italy, and Spain.
AppWizard
May 21, 2026
Steam users are warned about the risks of downloading free games, particularly a compromised title called Beyond The Dark, which was a clone of the horror game Phasmophobia. This game contained malware named UnityPlayer.dll that activated upon launch, targeting saved passwords and cryptocurrency extensions in browsers. Users experienced instability and crashes while the malware operated in the background. It is recommended that those who downloaded the game delete associated files and perform a system scan, changing any potentially compromised passwords. Valve has removed Beyond The Dark from its storefront to prevent further downloads. Users are advised to scrutinize game descriptions, review feedback, and maintain reliable antivirus software to protect their personal information.
Winsage
May 14, 2026
An anonymous cybersecurity researcher disclosed two new zero-day vulnerabilities affecting Microsoft systems: YellowKey and GreenPlasma. YellowKey is a BitLocker bypass that operates as a backdoor within the Windows Recovery Environment, impacting Windows 11 and Windows Server 2022/2025. Exploiting YellowKey involves copying specially crafted files to a USB drive, connecting it to a Windows computer, and rebooting into WinRE. The researcher expressed skepticism about Microsoft's response time to this vulnerability, noting that using TPM+PIN does not mitigate the risk. GreenPlasma is a privilege escalation vulnerability that allows an unprivileged user to obtain a shell with SYSTEM permissions through arbitrary section creation in Windows CTFMON. The proof-of-concept for this exploit is incomplete but indicates potential manipulation of trusted privileged services or drivers. Additionally, a related attack against BitLocker was detailed by French cybersecurity firm Intrinsec, which exploits a boot manager downgrade using CVE-2025-48804 to bypass encryption protections on fully patched Windows 11 systems. This method allows attackers to boot from a controlled WIM while the boot manager checks the legitimate one, executing with the decrypted BitLocker volume. Despite Microsoft releasing fixes for this defect in July 2025, a flaw in Secure Boot verification allows a vulnerable boot manager to bypass BitLocker safeguards. To mitigate these risks, enabling a BitLocker PIN at startup and migrating to a new boot manager certificate is recommended.
TrendTechie
May 11, 2026
Forza Horizon 6 has leaked on torrent sites nine days before its official launch due to a mishap during the publication of pre-load files, resulting in an unencrypted build being uploaded. The leaked version is the Premium Edition, approximately 155 GB in size. Official early access for premium edition purchasers begins on May 15, 2026, with the full release on May 19, 2026. The game will be available on PC, Xbox Series X/S, and PlayStation 5, with Game Pass subscribers gaining free access starting May 19.