plugin Archives

AppWizard

April 7, 2026

There’s a brilliant fingerprint hack hiding on your Samsung phone — here’s how to use it

Samsung's Good Lock app allows users to personalize their devices, including a feature that enables different fingerprints to launch specific applications. Users can register multiple fingerprints and assign unique actions to each, such as opening Instagram with a left thumb or the Notes app with a right index finger. To set this up, users must download the Good Lock app, register their fingerprints, and use the Routines+ plugin to create routines that define actions for each fingerprint. This feature enhances convenience and productivity by providing quick access to frequently used apps and tasks.

Tech Optimizer

April 6, 2026

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Cybersecurity researchers have discovered 36 malicious packages in the npm registry that impersonate Strapi CMS plugins. These packages exploit Redis and PostgreSQL, deploy reverse shells, harvest credentials, and establish persistent implants. Each package consists of three files—package.json, index.js, and postinstall.js—without descriptions or repositories, and all use version 3.6.8 to mimic legitimate Strapi plugins. The malicious packages follow a naming convention starting with "strapi-plugin-" and were uploaded by four accounts within 13 hours. The identified packages include names like strapi-plugin-cron, strapi-plugin-database, and strapi-plugin-server. The malicious code is embedded in the postinstall script, executing automatically upon installation with the same privileges as the user. The payloads evolve from exploiting Redis for remote code execution to attempting direct PostgreSQL database exploitation and deploying persistent implants for remote access. The campaign appears to target cryptocurrency platforms, as indicated by the focus on credential theft and digital assets. Users of these packages are advised to assume compromise and rotate credentials. This incident reflects a broader trend of supply chain attacks in the open-source ecosystem, with recent examples including credential exfiltration payloads in GitHub repositories and compromised GitHub Actions workflows. Group-IB reported that software supply chain attacks are increasingly reshaping the cyber threat landscape, targeting trusted vendors and open-source software to gain access to downstream organizations.

AppWizard

March 31, 2026

A Brand New Ultimate Smash Minecraft Server – Classic Brawler Mechanics in a 3D Block World

The Ultimate SMASH Minecraft server has been launched and can be accessed via the IP address supersmash.eu. It is a Java Edition server that features a percentage-based damage system instead of traditional health bars, where players aim to strike opponents to increase their damage percentage. Key features include diverse arenas, a tactical arsenal of items, a party system for teaming up, cosmetic upgrades for avatars, and a scoreboard system for tracking gameplay. The server is accessible to players using Java Edition versions 1.20.2 and newer, and players can earn premium ranks through gameplay without spending real money. The development team encourages community engagement and regularly updates the server based on player feedback. Players can connect to the server at supersmash.eu or join the official Discord for updates.

AppWizard

March 4, 2026

Google stuffs Gemini into Android Studio Panda 2 to build apps from prompts

Google has released Android Studio Panda 2, featuring an AI agent that generates applications and an AI-enhanced version upgrade assistant. This version is based on JetBrains IntelliJ IDEA's community edition. The AI capabilities are powered by Gemini, Google's large language models, with a free tier offering a lightweight version of Gemini 2.5 Pro. Developers can create prototypes with a single prompt, and the AI agent automates project planning, code generation, error analysis, and self-correction. Users must sign into Gemini and enable AI integration, with data collection practices in place. A demonstration showed the AI generating a bridge deal analyzer, which functioned but had inaccuracies in the generated code. Android Studio also experienced performance issues and deprecated certain features, including the Custom View preview and 3D mode in the layout inspector.

Tech Optimizer

February 24, 2026

Fake Huorong Site Delivers ValleyRAT Backdoor in Targeted Malware Campaign

A cyber operation is targeting users of Huorong Security antivirus software through a typosquatted domain, huoronga[.]com, which mimics the legitimate site huorong.cn. Users who mistakenly visit the counterfeit site may download a file named BR火绒445[.]zip, which contains a trojanized installer that leads to the installation of ValleyRAT, a remote access trojan. The malware employs various techniques to evade detection, including using an intermediary domain for downloads, creating Windows Defender exclusions, and establishing a scheduled task for persistence. The backdoor facilitates activities such as keylogging and credential access while disguising its operations within legitimate processes like rundll32.exe. Attribution points to the Silver Fox APT group, and there has been a significant increase in ValleyRAT samples documented in recent months. Security measures include ensuring software downloads are from the official site and monitoring for specific malicious activities.

AppWizard

February 23, 2026

Minecraft Slimefun Dupe: Is It Real?

Slimefun is a server-side plugin for Minecraft that enhances the vanilla experience by adding new items, machines, and crafting possibilities without requiring client-side modifications. It allows players to create automated farms, develop tools, and build factories, encouraging experimentation and strategic planning through a complex crafting system. The plugin's modular design enables server administrators to customize it for different player preferences. There are rumors of item duplication glitches associated with Slimefun, with players claiming to find methods to multiply items. Historically, some legitimate glitches have existed, but developers actively patch these exploits. Engaging in item duplication is frowned upon as it disrupts the game’s economy, creates unfair advantages, and can lead to penalties such as temporary suspensions or permanent bans. Duplication undermines the integrity of gameplay, leading to disillusionment among honest players and potential technical issues on servers. Legitimate methods for duplicating items in Slimefun are largely nonexistent, as the plugin aims to maintain a balanced experience. Players are encouraged to build efficient farms and explore the game world for resource gathering, focusing on creativity and collaboration rather than unethical duplication methods.

Winsage

February 20, 2026

Copilot Arrives In Windows 11 File Explorer And Taskbar

Microsoft is integrating its AI assistant, Copilot, into the Windows 11 ecosystem, allowing users to access AI capabilities directly through familiar interfaces. Users can invoke Copilot agents by pressing the @ key in the taskbar search, enabling tasks like document summarization and research initiation without switching contexts. A "Researcher" agent can handle inquiries and provide comprehensive reports, enhancing productivity for knowledge workers. In File Explorer, a new Copilot icon allows users to summarize documents and extract insights without opening applications, improving efficiency with common file formats like Word and PDF. These features are available to Windows 11 users with Microsoft 365 Work or School accounts who have been granted access by their organizations. Copilot+ PC owners will benefit from additional functionalities such as voice transcription and contextual screenshotting, enabled by the Neural Processing Unit (NPU) in newer AI PC designs. Microsoft aims to position Copilot where work naturally occurs, but adoption remains low, with only 3.3% of users subscribing to premium tiers. The integration raises governance and privacy considerations for IT leaders, as it must comply with existing frameworks like Microsoft Purview. Best practices suggest piloting Copilot features with select users and implementing data loss prevention rules. Overall, the integration of Copilot into Windows 11 is designed to save users time and enhance productivity while maintaining organizational security.

Tech Optimizer

February 16, 2026

Phishing Lures Spread XWorm Remote Access Trojan

A cyber-espionage campaign is utilizing the XWorm Remote Access Trojan (RAT) to infiltrate systems via phishing emails and a Microsoft Office vulnerability (CVE-2018-0802). XWorm, first detected in 2022, allows attackers remote control over infected computers for surveillance and data theft. The campaign uses business-oriented phishing emails with malicious Excel attachments that exploit the vulnerability to execute a fileless attack. The malware connects to a command-and-control server, encrypting communications and transmitting system details. XWorm features a plugin architecture with over 50 modules for various malicious activities, including credential theft and DDoS attacks. Security experts highlight the ongoing risk of legacy software vulnerabilities and recommend patching outdated components.

Winsage

February 1, 2026

5 Essential Free Apps That Aren’t Available On The Microsoft Store

The Microsoft Store has recently added applications like VLC, Foobar2000, Firefox, and Brave, but several essential applications are still missing, leading users to download installers from developers' websites. Microsoft has discontinued support for Office installations via the store, and the transition to allowing Win32 app formats has introduced more applications, although many developers may find this shift too late, with full support for Win32 apps not expected until 2025. Notable applications currently unavailable on the Microsoft Store include: - Steam: A critical gaming platform with over 140 million users, absent from the store due to Valve's competition with Microsoft. - Notepad++: A popular text and code editor known for its simplicity and versatility, requiring direct download from its official website. - Calibre: An open-source e-book manager that allows users to organize, convert, and enrich e-books, also needing to be downloaded from its official site. - qBittorrent: A free and open-source torrent client offering a clean interface and extensive features, available only through direct download from its official website. - Paint.net: While available on the Microsoft Store for a fee, it can be downloaded for free from the developer's website, providing robust image editing features.

Winsage

January 31, 2026

I tried QuickLook for Windows, and now I won’t give it up

The author transitioned from Windows to Mac and discovered macOS features like Spotlight Search, Hot Corners, a built-in file converter, and QuickLook, which enhanced their user experience. Upon returning to Windows, they sought alternatives and found the QuickLook app, which allows users to preview files by selecting them and pressing the space bar. QuickLook can be downloaded from the Microsoft Store and operates system-wide, enabling previews of various file types, including documents, images, media files, and compressed ZIP files. The app also allows basic modifications, such as editing text in Word documents and cropping images. QuickLook improves file browsing in Windows File Explorer and Open/Save dialog boxes and supports plugins for specialized file types.