malicious code Archives

Winsage

January 14, 2026

U.S. CISA adds a flaw in Microsoft Windows to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Microsoft Windows vulnerability, CVE-2026-20805, to its Known Exploited Vulnerabilities (KEV) catalog, with a CVSS score of 8.7. This vulnerability, part of the January 2026 Patch Tuesday updates, affects the Windows Desktop Window Manager and allows attackers to leak memory information, potentially aiding in further exploits. Federal Civilian Executive Branch agencies must address this vulnerability by February 3, 2026, as mandated by Binding Operational Directive 22-01.

Tech Optimizer

January 13, 2026

Trusted Antivirus Protection for PCs

Your PC requires robust antivirus protection due to its diverse usage, and Windows 11 offers built-in protections that operate seamlessly. Antivirus software, such as Microsoft Defender in Windows 11, protects against threats like viruses, malware, phishing websites, and suspicious email attachments. However, it cannot fully defend against social engineering scams, new ransomware, zero-day vulnerabilities, or risky online behaviors. Microsoft Defender provides automatic threat scanning, works with the Windows firewall, utilizes cloud intelligence, alerts users to unsafe content, and offers ransomware protection. To enhance security, users should keep software updated, use strong passwords, secure their Wi-Fi, enable firewalls, and back up files regularly.

Tech Optimizer

January 10, 2026

Protect Yourself From the macOS Flaw that Bypasses Apple Privacy Controls

A newly identified macOS vulnerability, tracked as CVE-2025-43530, poses a significant risk by circumventing Apple’s privacy controls, potentially exposing users to malicious actors. This flaw arises from two vulnerabilities that allow hackers unauthorized access to systems by exploiting Apple-signed services and a timing gap in process verification. Hackers can execute AppleScript commands and access user files and microphone audio without triggering warnings. The VoiceOver screen reader service is a primary target for exploitation. Users are advised to update to macOS Tahoe 26.2, review app permissions, consider third-party antivirus solutions, and avoid downloading untrusted files to enhance security.

Winsage

January 5, 2026

Microsoft’s Windows AI Features Lack Official Disable Options, Forcing Users To Third-Party Tools

Microsoft's latest Windows 25H2 builds have introduced AI features, but users cannot easily disable them through the interface, leading many to use third-party tools like the RemoveWindowsAI PowerShell script to eliminate components such as Copilot, Recall, and Input Insights. Windows Recall captures screenshots for AI-driven searches, raising privacy concerns due to the creation of a local database of full screenshots. Microsoft has also disabled phone activation for Windows 11, requiring internet connectivity for activation. The RemoveWindowsAI tool removes appx packages associated with AI, ensuring they cannot be reinstalled. Microsoft has announced the discontinuation of support for Windows 11 SE by October 13, 2026, impacting schools that rely on this version. Virtualization, such as using Proxmox, is recommended for users wary of telemetry practices. The RemoveWindowsAI project is evolving to enhance its capabilities in response to Microsoft's AI feature additions. Enterprise deployments are advised to test removal strategies in controlled environments, though some antivirus programs may flag the tool as malicious. Privacy advocates are concerned about the implications of Microsoft's changes on user control and data collection.

Winsage

December 20, 2025

Windows RemoteApp problems, ferry malware arrest, Senator’s open-source warning

Microsoft's December 2025 security update disrupts Message Queuing (MSMQ) on older Windows 10 and Server systems. A subsequent November 2025 update causes RemoteApp connection failures on Windows 11 24H2/25H2 and Windows Server 2025 devices, particularly in Azure Virtual Desktop environments, although Windows Home or Pro editions remain unaffected. French authorities arrested two crew members of an Italian ferry for allegedly installing malware that could allow remote control of the vessel; one suspect has been released while the other is in custody. Tom Cotton, Chairman of the Senate Intelligence Committee, has urged action on vulnerabilities in open-source software, citing concerns about foreign adversaries inserting malicious code. A zero-day exploit, CVE-2025-20393, affecting Cisco email security products has been exploited by Chinese hackers since late November. DXS International reported a cybersecurity incident involving unauthorized access to its internal servers, with an investigation ongoing. A report from Resecurity indicates a rise in the criminal use of DIG AI for generating tips for illegal activities. CISA warned of a critical vulnerability in ASUS Live Update software, which has been actively exploited. An automated campaign targeting multiple VPN platforms has been reported, with credential-based attacks observed on Palo Alto Networks GlobalProtect and Cisco SSL VPN.

AppWizard

December 17, 2025

Cellik Android malware builds malicious versions from Google Play apps

A new Android malware-as-a-service (MaaS) called Cellik has appeared on underground cybercrime forums, offering capabilities for a subscription fee of 0 per month or a one-time payment of ,000 for lifetime access. This malware can be embedded into any app on the Google Play Store, creating trojanized versions of popular applications while maintaining the original app's interface. Cellik includes features such as real-time screen capture, interception of app notifications, filesystem access, data wiping, and secure communication with a command-and-control server. It also has a hidden browser mode that allows attackers to use the victim's stored cookies and an app injection system for overlaying fake login screens. The malware can inject payloads into installed apps, complicating detection. Cellik is designed to bypass Google Play security features, raising concerns about the effectiveness of automated reviews and device-level scanners.

TrendTechie

December 16, 2025

В торрентах с одним из самых популярных фильмов года рассылают опасный вирус

Recent reports indicate that torrent files for the film "Battle for Battle" are concealing a Trojan known as Agent Tesla, which can steal credentials, monitor computer activity, and take control of infected systems. The infection occurs when users download what appears to be the film file, which contains files like CD.lnk or Part2.subtitles.srt. Opening the first file executes a PowerShell script that interacts with the second file, leading to the installation of the Trojan. This malware can evade detection by Windows and antivirus programs by using harmless file types and PowerShell, complicating identification and mitigation efforts.

Tech Optimizer

December 12, 2025

The digital impersonators: How cybercriminals hijack your brand to launch malvertising attacks

Brand trust is highly valued by consumers, leading cybercriminals to exploit it through malvertising, which embeds malicious code in legitimate ads. Malvertising can redirect users to phishing sites or download malware. Cybercriminals create fake ads that mimic trusted brands, targeting high-traffic moments and using real-time bidding to distribute these ads on reputable sites. The process involves setting up fake accounts, creating convincing ads, purchasing ad space, and delivering malware through exploit kits. The consequences include identity theft and financial loss for consumers, and reputational damage for brands. To protect against these threats, organizations should implement regular software updates, continuous employee training, protective tools, and consider partnering with managed service providers for enhanced security measures.

Tech Optimizer

December 7, 2025

K7 Antivirus Flaw Lets Attackers Gain SYSTEM-Level Privileges

A security vulnerability, designated as CVE-2024-36424, has been found in K7 Ultimate Security antivirus software, allowing low-privileged users to escalate their permissions to the SYSTEM level, thus gaining full control over affected Windows devices. The flaw arises from inadequate access controls in the named pipe K7TSMngrService1, which allows limited permission programs to communicate with higher-privileged programs. Attackers can exploit this vulnerability to disable antivirus protection or execute malicious code with SYSTEM privileges. K7 Computing has released several patches to address the issue, but researchers have found ways to bypass these protections. The vulnerability affects K7 Ultimate Security version 17.0.2045 and potentially earlier versions, prompting organizations to upgrade to the latest patched version.

Winsage

December 4, 2025

This Windows Update Pop-Up Is a Scam

Hackers have exploited Windows update screens to deliver malware disguised as a "critical security update," a tactic known as the ClickFix attack. This attack uses social engineering techniques, including fake error messages and CAPTCHA forms, to trick users into executing harmful commands. The scam appears as a pop-up mimicking the standard Windows blue screen but originates from a malicious domain. Users are prompted to paste and execute harmful commands, leading to malware installation. Researchers from Huntress have detailed this attack, noting that malicious code can be embedded within PNG images. Although recent law enforcement actions have reduced the presence of malware payloads on these domains, the threat remains. Users should be cautious of any update screens that do not show a progress indicator or require manual command input, as these are signs of a ClickFix attack. Microsoft releases security updates on the second Tuesday of each month, and users are advised to enable automatic updates and consider disabling the Windows Run box for added security.