IP address Archives

AppWizard

January 28, 2026

5 Best Alternatives to WhatsApp in 2026 (Private & Secure)

The rise of encrypted messaging apps is driven by privacy concerns, as users seek alternatives to traditional platforms that may compromise security. Corporations, hackers, and governments actively monitor online communications for various reasons, making secure messaging essential. Several leading secure messaging apps have been identified: - Signal: Known for robust security features, including end-to-end encryption and open-source transparency. It requires a phone number for registration. - Threema: Allows anonymous communication without personal identifiers and offers end-to-end encryption. It does not have a free version and has a smaller user base. - Telegram: With over 500 million users, it offers self-destructing messages and works across multiple devices, but not all communications are end-to-end encrypted by default. Messaging platforms to avoid include WhatsApp, which collects extensive metadata, Keybase, which has credibility concerns after being acquired by Zoom, and regular SMS, which lacks encryption. When selecting an encrypted messaging app, users should look for end-to-end encryption, third-party testing, open-source code, self-destructing messages, limited data collection, and compatibility with other services. Signal is frequently cited as the most secure messaging app.

Tech Optimizer

December 24, 2025

Be confident online with 30% off at ESET with our exclusive code

ESET is offering a limited-time 30% discount on their cybersecurity plans with the code WINTER302025. Their security solutions include a secure VPN, advanced anti-phishing technology, and proactive ransomware protection. ESET provides tiered plans to cater to various user needs, allowing for easy selection of appropriate packages for digital protection.

TrendTechie

December 8, 2025

Торренты и пиратство в разных странах

Amnezia's team has received user feedback about VPN limitations for downloading torrents, attributed to legal frameworks in server-hosting countries rather than technical issues. VPN services face abuse reports from hosting providers when torrents are downloaded, leading to traffic restrictions. Specialized B2B servers, like Amnezia's Swiss P2P server, are more expensive but located in countries with lenient torrent laws. In 2024, visits to pirate sites reached 216 billion globally, with the U.S. leading at 26.7 billion visits. All major jurisdictions prohibit the distribution of copyrighted content, but penalties for piracy vary by country. - **Switzerland**: Allows personal downloading from illegal sources for personal use; uploading is prohibited. - **Netherlands**: Personal copying from illegal sources banned since 2014. - **Germany**: Intentional copyright infringement can lead to fines or imprisonment; enforcement often results in civil actions. - **France**: Increased efforts to block pirate sites; penalties include fines and potential criminal charges. - **Canada**: Notice-and-Notice model with rare fines for piracy. - **India**: Both sharing and downloading torrents are illegal; courts can issue injunctions against unknown infringers. - **United Kingdom**: Strict anti-piracy measures with civil lawsuits and potential prison sentences. - **United States**: Stringent laws with civil lawsuits for piracy; criminal cases are rare. - **Singapore**: Criminal liability for serious copyright infringement. - **Japan**: Illegal downloading can lead to prison or fines; severe penalties for sharing. - **Thailand**: Distributing pirated content is illegal; penalties vary by violation type. - **Vietnam**: Laws against piracy exist, but enforcement is rare. - **Turkey**: Prohibits downloading and sharing pirated content; enforcement focuses on commercial piracy. - **Portugal**: Prohibits downloading from copyright-violating sources; piracy levels remain high. - **Russia**: Civil lawsuits for damages are pursued, but individual users are rarely targeted. Overall, while anti-piracy laws are strict, enforcement is often lax, leading to a low likelihood of legal repercussions for torrent downloading in many regions, except in Germany and Japan.

Tech Optimizer

November 27, 2025

How Letta builds production-ready AI agents with Amazon Aurora PostgreSQL

AI agents benefit from persistent memory, enabling them to recall past interactions and maintain context, which enhances customer experience in scenarios like customer service. The Letta Developer Platform allows developers to create stateful agents with advanced context management features. It supports self-hosting within a virtual private cloud and uses Amazon Aurora PostgreSQL for long-term memory storage. Aurora PostgreSQL offers capabilities such as efficient similarity searches with the pgvector extension, sub-second query latency, and dynamic storage scaling. Letta operates as a persistent service, allowing agents to function independently and scale horizontally using Kubernetes. The platform supports multi-tenancy and includes enterprise features for security and monitoring. To set up an Aurora Serverless cluster for Letta, users must create a database on Amazon RDS, configure security group access, and install the pgvector extension. Letta connects to Aurora using a PostgreSQL connection string. After establishing the connection, users can create agents, send messages, and view agent states and conversation histories stored in Aurora. Letta organizes data in 42 tables, including those for agents, messages, and memory blocks. Users can explore the database schema and examine the structure of stored messages and embeddings. Finally, it is recommended to delete the Aurora cluster and associated resources after completing the integration to avoid charges.

AppWizard

November 26, 2025

Android users warned to delete these fake apps after Google alarm

Android users are facing a threat from counterfeit VPN applications that disguise themselves as privacy-enhancing tools but contain malware capable of compromising personal information and security. These fake VPNs mimic reputable brands and use misleading advertisements to appear legitimate. Once installed, they can steal passwords, messages, and financial data, and may even lock devices with ransomware. Google advises users to download VPNs only from trusted sources, look for verification badges, review app permissions, be cautious of free offers, research developers, and avoid scare tactics in marketing. Legitimate VPNs should not request access to personal contacts or photos and should only require network-related permissions.

Winsage

November 25, 2025

ClickFix Attack Uses Steganography to Hide Malicious Code in Fake Windows Security Update Screen

A new wave of ClickFix attacks has emerged, using fake Windows Update screens and PNG image steganography to deploy infostealing malware like LummaC2 and Rhadamanthys. The attacks trick users into executing a command by pressing Win+R and pasting a command copied to their clipboard. Attackers have shifted from using “Human Verification” lures to more convincing full-screen fake Windows Update screens. The fake update prompts users to run a command that initiates mshta.exe with a URL containing a hex-encoded IP address, leading to the download of obfuscated PowerShell and .NET loaders. A notable feature of the campaign is the use of a .NET steganographic loader that hides shellcode within the pixel data of a PNG image, which is decrypted and reconstructed in memory. The shellcode is Donut-packed and injected into processes like explorer.exe using standard Windows APIs. Huntress has been monitoring these ClickFix clusters since early October, noting the use of the IP address 141.98.80[.]175 and various paths for the initial mshta.exe stage, with subsequent PowerShell stages hosted on domains linked to the same infrastructure. Despite the disruption of Rhadamanthys’ infrastructure in mid-November, active domains continue to serve the ClickFix lure, although the Rhadamanthys payload appears to be unavailable. To mitigate the attack, disabling the Windows Run box through Group Policy or registry settings is recommended, along with monitoring for suspicious activity involving explorer.exe. User education is critical, emphasizing that legitimate processes will not require pasting commands into the Run prompt. Analysts can check the RunMRU registry key to investigate potential ClickFix abuse.

Winsage

November 25, 2025

New ClickFix attacks use fake Windows Updates to swipe creds

A surge in ClickFix attacks is occurring, where attackers use deceptive Windows update screens to trick users into downloading infostealer malware. This method has become the primary means of initial access for cybercriminals, as reported by Microsoft. State-sponsored actors and organized crime groups are increasingly using this tactic. Huntress security experts have noted a shift from traditional prompts to convincing fake Windows update screens, showcasing the attackers' adaptability. Cyber adversaries are utilizing a steganographic loader to deliver infostealing malware like Rhadamanthys, encoding malicious code within PNG images to evade detection. Between September 29 and October 30, 2025, Huntress investigated 76 incidents linked to this campaign across various regions, with one incident involving the IP address 141.98.80[.]175. Victims typically visit a malicious site that triggers a full-screen blue Windows Update screen, leading them to install a “critical security update” through a series of commands. This process involves executing a command that runs PowerShell code to deploy a steganographic loader, ultimately leading to the installation of Rhadamanthys, which captures login credentials. Comments in the lure site's source code are in Russian, suggesting the attackers' identity remains unknown. As of November 19, multiple domains continue to host the lure page, although the payload is no longer actively hosted. Organizations can defend against these attacks by blocking access to the Windows Run box and educating employees about the ClickFix technique.

TrendTechie

November 23, 2025

Хитовая Battlefield 6 появилась на торрентах

Battlefield 6 has been partially compromised by the piracy group RUNE, allowing players to access a pirated version just over a month after its official release. This version is in a Portable format, requires no installation, and takes up about 100 GB of storage. It only includes the single-player campaign with nine missions, while multiplayer functionality is not available. A "free week" event for multiplayer will occur from November 25 to December 2 on Steam and consoles, featuring maps like Siege of Cairo, Eastwood, and Blackwell Fields, and game modes such as Conquest, Breakthrough, Team Deathmatch, Sabotage, and one unannounced mode. Battlefield 6 is not available in the Russian region, and accessing it on Steam requires a foreign account and a different region's IP address.

Tech Optimizer

November 11, 2025

Hackers Exploiting Triofox Flaw to Install Remote Access Tools via Antivirus Feature

A critical security vulnerability (CVE-2025-12480) has been identified in Gladinet's Triofox platform, allowing attackers to bypass authentication and access sensitive configuration pages. This vulnerability has a CVSS score of 9.1 and has been exploited by a threat cluster known as UNC6485 since August 24, 2025. Despite patches issued by Gladinet, attackers created a new admin account to execute malicious code, including a batch script that downloaded tools for remote access. They used these tools for reconnaissance and privilege escalation. Mandiant recommends that Triofox users update to the latest version and audit admin accounts.

Winsage

November 5, 2025

Curly COMrades abuse Hyper-V for covert malware operations in VMs

Bitdefender researchers have identified advanced techniques used by the Curly COMrades threat actor, believed to have Russian backing, to exploit Microsoft’s Hyper-V virtualization platform. This group activates Hyper-V on compromised systems to deploy a lightweight virtual machine (VM) running Alpine Linux, which hosts malware tools CurlyShell and CurlCat. The operation began in early July with commands that activated Hyper-V and prepared the environment for the VM, using deceptive file names to avoid detection. The Alpine Linux VM is customized for each victim, allowing the attackers to maintain a low profile while facilitating reverse shell and proxy activities. The VM routes traffic through the host's network, masking communications as originating from the legitimate host IP. CurlyShell acts as a persistent reverse shell, while CurlCat manages SSH traffic tunneling, utilizing a private key for authentication. The attackers also employ various proxy and tunneling tools and utilize PowerShell scripts for tasks such as injecting Kerberos tickets into LSASS for lateral movement and creating local accounts to ensure ongoing access. Their command and control infrastructure involves compromised servers that relay traffic between infected hosts and the attackers' servers, with measures taken to limit forensic evidence. To detect and mitigate these threats, Bitdefender emphasizes the need for host-based network inspection and hardening, as well as monitoring for abnormal access to the LSASS process and suspicious Kerberos ticket activities. The findings indicate a shift in threat actor tactics towards using virtualization for stealth and persistence, highlighting the need for layered security measures.