operators

AppWizard
April 15, 2026
Google is implementing updated spam policies to combat "back button hijacking," a deceptive practice that manipulates browser history and traps users on unwanted websites. Starting June 15, websites engaging in this practice will face penalties, including manual actions or drops in search rankings. Google has observed an increase in scripts that alter browser history, often through JavaScript, creating misleading entries that redirect users within the same site or to advertisements. Website owners have a two-month period to address these issues, as failure to do so could lead to significant traffic loss. Google's enforcement will begin after the deadline, with automated systems identifying and removing offending sites from search results.
Winsage
April 15, 2026
The government aims to reduce reliance on non-European digital solutions by transitioning from Windows to Linux-based systems for state operations. The national health insurance body is migrating 80,000 employees to state-approved digital tools, including secure messaging and file transfer platforms, with plans to transition the health data platform to a sovereign solution by the end of 2026. Ministries will submit roadmaps by autumn to outline strategies for reducing dependence on non-European technologies in areas such as workplace software, collaboration tools, cybersecurity, artificial intelligence, database management, and network equipment. A centralized strategy will oversee these initiatives, with industry meetings planned for June to formalize public-private partnerships. Additionally, Japan and France have agreed to enhance cooperation on critical mineral supply chains.
Tech Optimizer
April 13, 2026
Claude, an AI tool developed by Anthropic, receives nearly 290 million web visits monthly and has become a target for cybercriminals. A fake website has been found that impersonates Claude, distributing a trojanized installer named Claude-Pro-windows-x64.zip. This installer, while appearing legitimate, deploys PlugX malware, granting attackers remote access to users' systems. The fraudulent site mimics the official download page, and its passive DNS records are linked to commercial bulk-email platforms, indicating active maintenance by the operators. The ZIP file contains an MSI installer that misspells "Claude" as "Cluade" and creates a desktop shortcut that launches a VBScript dropper. This script runs the legitimate claude.exe while executing malicious activities in the background, including copying files to the Windows Startup folder to ensure persistence after reboot. The attack utilizes a DLL sideloading technique recognized by MITRE as T1574.002, where a legitimate G DATA antivirus updater is exploited with a malicious DLL. Within 22 seconds of execution, the malware establishes a connection to an IP address associated with Alibaba Cloud, indicating control over the compromised system. The dropper script also employs anti-forensic measures to delete itself and the VBScript after deployment. Indicators of compromise include the filenames Claude-Pro-windows-x64.zip, NOVUpdate.exe, avk.dll, and NOVUpdate.exe.dat, along with the network indicator 8.217.190.58:443 (TCP) as the command and control destination. Users are advised to download Claude only from the official site and to remain vigilant against potential compromises.
Winsage
April 7, 2026
On March 26, 2026, Microsoft announced that starting with the April security update, it will eliminate trust in kernel drivers from the previous Cross-Signed Program for Windows 11 versions 24H2, 25H2, 26H1, and Windows Server 2025. Only drivers that have passed the Windows Hardware Compatibility Program (WHCP) or are on Microsoft's allow list will be allowed to load by default. This change aims to enhance security by establishing a robust chain of trust and addressing vulnerabilities associated with old kernel drivers. Users of older hardware that rely on specialized drivers may face challenges, as drivers not WHCP-signed or explicitly allowed will be excluded from the trusted zone.
Winsage
April 6, 2026
A newly discovered Windows malware called ResokerRAT uses Telegram’s Bot API for its command-and-control operations, allowing it to monitor and manipulate infected systems without a conventional server. It obscures its communications by integrating with legitimate Telegram traffic, complicating detection. Upon execution, it creates a mutex to ensure only one instance runs and checks for debuggers to avoid analysis. It attempts to relaunch with elevated privileges and logs failures to its operator. ResokerRAT terminates known monitoring tools and installs a global keyboard hook to obstruct defensive key combinations. It operates through text-based commands sent via Telegram, allowing it to check processes, take screenshots, and modify system settings to evade detection. Persistence is achieved by adding itself to startup and altering UAC settings. The malware retrieves additional payloads from specified URLs and uses URL-encoded data for communication. Researchers have confirmed its Telegram traffic, and its behavior aligns with various MITRE ATT&CK techniques. Security teams are advised to monitor for unusual Telegram traffic and scrutinize registry keys related to startup and UAC.
Tech Optimizer
April 5, 2026
An AWS engineer reported a significant drop in PostgreSQL throughput on Linux 7.0, with performance reduced to approximately half of its previous capability. Salvatore Dipietro from Amazon/AWS benchmarked PostgreSQL 17 on a 96-vCPU Graviton4 instance and measured just 0.51x the throughput of earlier kernel versions. The root cause was traced to kernel commit 7dadeaa6e851, which eliminated PREEMPT_NONE as the default option, leading to increased contention due to the new PREEMPT_LAZY model. Profiling data indicated that 55% of CPU time is consumed by spinning in PostgreSQL’s spinlock, causing significant performance degradation. When a revert patch was applied, throughput rebounded to 1.94x the baseline. The decision to restrict preemption modes in Linux 7.0 aimed to address issues within the kernel's scheduling model. Dipietro proposed a patch to restore PREEMPT_NONE, but kernel developers suggested PostgreSQL adopt the rseq time slice extension instead. Database operators running PostgreSQL on Linux face potential performance reductions with the upgrade to Linux 7.0.
AppWizard
April 3, 2026
The International Atomic Energy Agency (IAEA) has launched a global competition for university students to design and simulate sustainable uranium mining operations using the Minecraft Education platform. Teams of two to four members must create a comprehensive mining system that includes ore extraction and yellowcake production, incorporating advanced technologies such as robotics, smart sensors, and optimized processes. Submissions are due by 1 July 2026, and the winning team will present their project at the International Conference on Fuel Supply Chain for Sustainable Nuclear Power Development in Vienna, Austria, from 13–15 October 2026. Participants must submit an entry form, a university enrollment confirmation letter, a 5–7 minute video demonstrating their mining concept, and a sustainability commitment statement. The competition aims to inspire students to pursue careers in uranium exploration and mining amid rising global demand for nuclear energy. Modern uranium mining is increasingly adopting technologies to enhance safety and minimize environmental impact, with a focus on efficiency and sustainability.