monitoring Archives

Tech Optimizer

February 11, 2026

Hackers Used Hugging Face to Distribute Android Banking Trojans

Cybersecurity researchers have identified a malware campaign that exploited Hugging Face's AI infrastructure to distribute Android banking trojans. The attackers used a deceptive app called TrustBastion, which tricked users into installing what appeared to be legitimate security software. Upon installation, the app redirected users to an encrypted endpoint that linked to Hugging Face repositories, allowing the malware to evade traditional security measures. The campaign generated new malware variants every 15 minutes, resulting in over 6,000 commits in about 29 days. It infected thousands of victims globally, particularly in regions with high smartphone banking usage but lower mobile security awareness. The operation is believed to be linked to an established cybercriminal group. Security experts warn that this incident highlights vulnerabilities in trusted platforms and calls for improved security measures, including behavioral analysis systems and verification of application authenticity. The incident has also sparked discussions about the need for enhanced security protocols for AI platforms.

Tech Optimizer

February 10, 2026

AKDAN Malware Hunters blocks new malware that are difficult to detect with existing Antivirus with ‘AKDAN HALL’

AKDAN Malware Hunters has launched the AKDAN HALL PED, a security solution that detects and neutralizes unknown document-based malware in 0.27 seconds, achieving a 99% success rate against emerging threats. This technology uses Pre-Execution Detection (PED) and a virtual "hypnosis" environment to analyze potentially malicious behavior, differing from traditional antivirus software that relies on known threat databases. CEO Sean Jeon, with over 15 years in cybersecurity, emphasizes the need for proactive measures as 91% of cyberattacks start via email, often using document-based malware. The AKDAN HALL product line includes a cloud-based agent for personal use and the AKDAN HALL Mini, a compact server for sensitive environments, both designed to complement existing antivirus solutions. The company has received support from the Initial Startup Package program at Seoul National University of Science and Technology and plans to expand into the Japanese market.

Tech Optimizer

February 10, 2026

Why Should Small Businesses Invest In Antivirus Protection?

53% of UK businesses experience cybercrime attempts at least once a month, and 70% of business owners anticipate a cyber attack in the near future, yet only 35% feel adequately prepared. 43% of cyberattacks are directed at small businesses, with over half potentially closing due to the damage. Antivirus software is a cost-effective solution that can prevent data breaches, reduce the likelihood of ransomware, and protect devices of remote workers.

Winsage

January 31, 2026

Microsoft explores bringing Linux-like top menu bar to Windows 11 with new PowerToys feature

The PowerToys team at Microsoft is developing a new feature that introduces a menu bar for the Windows desktop, providing glanceable system information and music controls. This dock can be pinned to any edge of the screen and allows users to pin existing PowerToys extensions without code modifications. It can be enabled from Command Palette settings and aims to enhance quick awareness of system metrics like RAM usage and CPU temperatures. User feedback is encouraged to shape its development, and developers can test this feature in a dedicated branch, although it is not yet part of the main PowerToys release.

Winsage

January 31, 2026

Miss Windows 10’s movable taskbar? You still can’t relocate it in Windows 11, but new PowerToys feature could be the next best thing

A new menu bar concept is being considered for Windows 11 users, which could serve as an optional dock for the Command Palette within Microsoft's PowerToys suite. This feature aims to provide quick access to favorite tools and essential system-monitoring information. Windows 11 has faced criticism for not allowing the taskbar to be repositioned to the top of the screen, and the proposed top menu bar could offer a workaround. The Command Palette is envisioned as a future replacement for the Run utility, allowing users to launch applications and access utilities seamlessly. The dock could display information such as CPU usage and internet speeds, and users would have customization options for its appearance. While some users are concerned about losing desktop space, PowerToys allows users to choose whether to enable the Command Palette dock. There are suggestions that this dock could evolve into a full taskbar replacement, incorporating Windows 11 taskbar elements as widgets. PowerToys is designed as an add-on rather than a replacement for core Windows functionality. Microsoft is focusing on enhancing Windows 11, with hopes for user-requested features like taskbar repositioning.

Tech Optimizer

January 31, 2026

Waystar Holding Taps EDB Postgres AI To Power Next‑Phase Growth

Waystar Holding (NasdaqGS:WAY) is integrating EDB Postgres AI into its healthcare payments platform to improve reliability and operational performance. This platform processes transactions for about half of the U.S. patient population. The adoption of EDB Postgres AI is expected to enhance efficiency in serving hospitals, clinics, and insurers. Waystar has previously embraced AI through its AltitudeAI offerings and the acquisition of Iodine Software, aligning with a broader initiative toward AI-driven automation. The partnership with EDB may improve processing reliability and streamline new automation features, but there are risks related to execution and competition from other companies enhancing their AI capabilities. Future metrics to monitor include uptime, processing speed, and the adoption of AI-driven workflows.

AppWizard

January 30, 2026

UK-based founders accused of sharing app data with Iranian authorities

Hadi and Mahdi Anjidani lead TS Information Technology, a UK branch of the Iranian firm Towse’e Saman Information Technology, known for developing Gap Messenger, a domestic alternative to Telegram. The company is registered in West Sussex, UK. Gap Messenger claims to be encrypted and not share user data with third parties, but Iranian digital rights researchers have raised concerns about its involvement in state surveillance, supported by leaked emails from Iran’s attorney general's office from 2022. Mahdi Anjidani, the CEO, has publicly supported government regulation of foreign messaging apps and has identified himself as a proponent of the Islamic Revolution. Gap Messenger operates within Iran's state-controlled internet, often during internet shutdowns linked to protests. The Anjidani brothers' business operations suggest a close alignment with Iranian authorities, as domestic messaging platforms typically require significant political backing to operate.

AppWizard

January 30, 2026

DoubleVerify warns of ‘zombie’ Android app fraud surge

DoubleVerify has raised concerns about a mobile scam involving the hijacking of dormant Android developer accounts, referred to as "zombie" accounts, which are exploited to publish fraudulent gaming applications on Google Play. This new tactic allows fraudsters to bypass automated checks due to the accounts' history of legitimate activity. The fraudulent apps generate invalid traffic, drain advertiser budgets, and excessively consume device battery power. DoubleVerify has identified unusual traffic patterns, such as surges at early morning hours, which do not align with typical gaming behavior, indicating the presence of bot clusters generating ad requests. Specific examples include dormant accounts that suddenly shifted to publishing gaming apps after years of inactivity. The reliance on developer history as a trust signal poses risks for advertisers, as it can lead to distorted campaign measurements and brand risks. DoubleVerify advocates for real-time behavioral analysis to enhance detection and protection against these threats.

Winsage

January 29, 2026

Swarmer Tool Evading EDR With a Stealthy Modification on Windows Registry for Persistence

Praetorian Inc. has launched Swarmer, a tool that enables low-privilege attackers to maintain stealthy persistence in the Windows registry while avoiding detection by Endpoint Detection and Response (EDR) systems. Swarmer uses mandatory user profiles and the Offline Registry API to modify the NTUSER hive without triggering standard registry hooks. It operates by creating an NTUSER.MAN file that replaces the NTUSER.DAT hive upon user login, allowing low-privilege users to manipulate registry settings without alerting EDR tools. Swarmer employs functions from Microsoft’s Offline Registry Library, enabling it to perform operations without invoking Reg* API calls, thus evading detection mechanisms. Swarmer's workflow involves exporting the HKCU registry, modifying it, and executing the tool with specific commands to place the modified NTUSER.MAN file into the user profile. It can be used as an executable or a PowerShell module. While it presents a novel method for persistence, Swarmer has limitations, such as being unable to update without admin access and requiring user login to activate. Detection strategies include monitoring for NTUSER.MAN file creation and Offreg.dll usage in non-standard processes.

Tech Optimizer

January 29, 2026

Aurora PostgreSQL 13 Deadline: Four Upgrade Paths to Beat February Cutoff

Standard support for Amazon Aurora PostgreSQL-Compatible Edition and Amazon RDS for PostgreSQL version 13 will end on February 28, 2026. PostgreSQL 13 will be deprecated by the community in November 2025, ceasing to receive bug fixes or security patches. AWS recommends upgrading to newer versions, such as 16 or 17, which offer significant performance enhancements and improved security. PostgreSQL 17 can achieve up to twice the write throughput and consumes 20 times less memory during vacuum operations. Version 16 introduces pg_stat_io for detailed I/O statistics, while version 14 includes a vacuum emergency mode. Aurora-specific enhancements in version 14.9 and later can lead to faster query latency and reduced costs. Version 14 introduces new roles for access control, and version 15 revokes certain permissions. Major upgrades in logical replication include automatic slot synchronization in version 17 and support for parallel apply in version 16. Transitioning between major versions requires careful examination of catalog changes, as some views and configuration parameters will evolve. Extensions must be verified, as most do not auto-upgrade. An in-place major version upgrade can be performed via the AWS Console or CLI, with downtime varying based on database size. AWS recommends snapshot-based testing beforehand. The CLI command can check valid upgrade targets, leading from version 13 to 14, 15, 16, or 17. Preparation involves validating instance classes and dropping replication slots. Amazon RDS Blue/Green deployments allow for near-zero downtime by synchronizing production with a staging environment, enabling application testing before traffic switching. This feature is supported from Aurora PostgreSQL version 13.12 onward. Logical replication through pglogical offers flexibility for minimal downtime, while AWS DMS supports homogeneous migration with Change Data Capture. Extended Support is available for a fee, providing up to three years of security patches. Best practices include replicating production environments in staging, conducting load tests, and validating queries against new catalogs. Recent minor releases, including Aurora PostgreSQL 17.6 and 16.10, showcase ongoing improvements. Engaging AWS Support is advisable for complex setups to ensure seamless transitions before the deadline.