kernel

Winsage
May 2, 2026
Microsoft will begin rolling out the May 2026 Security Update for Windows 11 on May 12, 2026. Key features of this update include:
1. Xbox Mode: Transforms PCs into a console-like experience, prioritizing system resources for gaming and freeing up to 2GB of memory.
2. Voice Typing Improvements: Redesign of Voice Typing elements on the touch keyboard.
3. New Arabic 101 Legacy Keyboard Layout: Available for addition from the Region page in Settings.
4. Drop Tray Changes: Renamed from Drag Tray and can be disabled in Settings > System > Multitasking.
5. Taskbar AI Agents Support: Allows monitoring of AI agents directly from the Taskbar, starting with the Microsoft 365 Copilot app.
6. Debloat Policy with Dynamic List Support: Enables administrators to specify additional apps for removal beyond the default list.
7. Windows Driver Policy Update: Changes how the kernel manages trust for third-party drivers, eliminating default trust for cross-signed drivers.
8. Batch File Security Changes: Enhances security for batch files and Command Prompt scripts, with an option for a hardened processing mode.
9. Format FAT32 up to 2TB: The format command-line tool now supports formatting volumes up to 2TB using FAT32.
Winsage
May 1, 2026
Microsoft has released the optional KB5083631 update for Windows 11 (Builds 26200.8328 and 26100.8328, version 24H2). Key features include a new Xbox Mode and an improved File Explorer experience, enhancing speed and stability. The update expands native file handling capabilities, allowing users to open and extract formats like .nupkg, .xar, .uu, and .cpio without third-party software. It integrates elements from Project K2 for optimization and improves the reliability of the explorer.exe process. Interface refinements include retaining the “Extra Large Icons” setting in the Downloads folder, fixing a “white flash” glitch in Dark Mode, and maintaining folder viewing preferences. The update package is about 5.1 GB for x64 systems and 4.6 GB for ARM architectures, with no major known issues reported. It can be accessed via Windows Update or offline installers, and these enhancements will be included in the mandatory May 2026 Patch Tuesday release.
AppWizard
April 30, 2026
Cybersecurity threat hunters have discovered an active infostealer campaign targeting the gaming community, involving malware called LofyStealer (or GrabBot) that disguises itself as a Minecraft hack named “Slinky.” The attackers use the official game icon to trick young gamers into executing the malware. The Brazilian cybercrime group LofyGang has enhanced its technical capabilities, utilizing a sophisticated two-stage modular architecture. The initial stage features a 53.5 MB loader file named load.exe, which is a Node.js runtime environment that obscures malicious signatures. The loader connects to the attacker’s server and decrypts a 1.4 MB C++ payload, chromelevator.exe, which targets eight web browsers to extract sensitive information like cookies and passwords. The stolen data is compressed, encrypted, and sent to the attacker’s server. LofyGang has evolved into a Malware-as-a-Service platform, offering a web panel for operators to monitor victims and generate custom executables. The campaign highlights the increasing threats to the gaming community, with advanced evasion techniques being employed by cybercriminals. Security professionals are advised to monitor network traffic and conduct audits for suspicious activities.
AppWizard
April 30, 2026
A new infostealer malware called LofyStealer is targeting the gaming community, particularly Minecraft players, by disguising itself as a cheat tool named “Slinky.” It employs a two-stage attack to extract sensitive information from eight major web browsers, including Chrome and Firefox, while evading detection by security software. The malware siphons off cookies, saved passwords, payment card information, and session tokens. Researchers at Zenox.ai identified LofyStealer, linking it to the Brazilian cybercrime group LofyGang, which has been active since October 2022. The malware uses social engineering tactics to appear legitimate and operates as a Malware-as-a-Service platform, offering both Free and Premium tiers to buyers. Its technical sophistication is evident in its method of in-memory browser injection, which allows it to bypass security defenses. The stolen data is compressed and sent to a command-and-control server. Users are advised to avoid downloading unofficial game mods and enable multi-factor authentication to reduce the risk of credential theft. Security teams should monitor for specific behavioral indicators related to the malware's operations.
Winsage
April 29, 2026
Microsoft has made the source code for 86-DOS 1.00 available on GitHub to celebrate its 45th anniversary. 86-DOS, developed by Tim Paterson, was foundational for MS-DOS and Windows. This release is part of Microsoft's effort to preserve historically significant software. Microsoft previously released the source code for MS-DOS versions 1.25, 2.11, and 4.0. A team of historians and preservationists has gathered and transcribed DOS-era source listings, including the 86-DOS 1.00 kernel and development snapshots of the PC-DOS 1.00 kernel. Microsoft acquired 86-DOS from Seattle Computer Products for approximately ,000 and modified it to deliver PC-DOS 1.0 in August 1981, which became known as MS-DOS for IBM-compatible computers.
AppWizard
April 29, 2026
The skull-and-bones community has declared that there are no games utilizing Denuvo that remain uncracked or bypassed. The MKDev collective and DenuvOwO developed a hypervisor-based bypass (HVB) in late 2025, which intercepts Denuvo's verification checks. The cracker voices38 successfully removed Denuvo from several titles, including Resident Evil: Requiem. Denuvo has since implemented a 14-day mandatory online check for certain games, complicating the HVB method. The latest version of HVB requires users to disable Core Isolation and Driver Signature Enforcement to run games. The community includes notable figures like repacker FitGirl, who has acknowledged the collaborative efforts of DenuvOwO and voices38.
AppWizard
April 28, 2026
Every non-VR game utilizing Denuvo DRM has been successfully compromised due to the emergence of the Hypervisor bypass, a method that deceives Denuvo into believing it is functioning correctly. This technique requires users to disable Driver Signature Enforcement, raising security concerns. The CrackWatch subreddit reports that all non-VR Denuvo games have been cracked or bypassed to some degree, with Capcom's Pragmata being completely bypassed just two days before its official launch. Cracking Denuvo within the first week of a game's release can lead to revenue losses of up to 20% for developers and publishers. Irdeto is actively developing updated security versions to address the Hypervisor bypass, assuring that these measures will not compromise game performance.
Winsage
April 27, 2026
Linus Torvalds has announced the closure of the merge window for Linux version 7.1, allowing public testing to begin with the first release candidate now available. This version includes a significant rewrite of the NTFS code aimed at improving dual-boot experiences between Windows and Linux. Additionally, Linux 7.1 will gradually phase out support for the i486 Intel processor and some older networking technologies and SoC configurations. Users can find the release candidate in Linus' Linux Git repository and are encouraged to report any bugs.
AppWizard
April 25, 2026
McAfee researchers discovered a complex Android rootkit campaign, dubbed Operation NoVoice, that infiltrated 50 applications on Google Play, exploiting vulnerabilities in the kernel that had been patched but not uninstalled. The malware was resilient enough to survive factory resets and was concealed within seemingly benign apps, which collectively garnered 2.3 million downloads. The malicious payload was hidden in the com.facebook.utils package and used steganography to embed an encrypted payload within a PNG image. The malware conducted multiple checks to avoid detection and established contact with a command-and-control server, polling for exploit packages every 60 seconds. It utilized 22 distinct exploits, including vulnerabilities that had received patches between 2016 and 2021. The malware disabled SELinux enforcement and installed a persistent rootkit that could survive factory resets. Google confirmed the removal of the infected apps but noted that users who had already downloaded them remained at risk, especially if their devices were running unpatched Android versions. McAfee advised affected users to treat their devices as compromised and consider professional inspection or hardware-level storage wiping for remediation.
Winsage
April 25, 2026
Open-source developer "Hailey" has introduced the Windows 9x Subsystem for Linux (WSL9X), which allows users to run both Windows and Linux applications simultaneously on classic versions of Windows, including Windows 95, 98, and Me. WSL9X operates by running a modern Linux kernel (6.19) alongside the Windows 9x kernel, enabling features such as paging, memory protection, and pre-emptive scheduling. It is neither emulation nor virtualization and does not require hardware virtualization. WSL9X is available for download, but users must build it from the source provided by Hailey. It allows access to a genuine Linux terminal alongside classic Windows applications, enabling various tasks without compromising system stability.