PNG Archives

AppWizard

January 10, 2026

It’s not the news we wanted but it’s what we expected: EA has finally admitted Project Rene is a ‘mobile-first’ game

Electronic Arts (EA) has confirmed that Project Rene is a mobile game focused on social multiplayer experiences, not the next installment of The Sims series. EA aimed to set realistic expectations amid concerns about the company's buyout. A leaked image showed custom characters in a vibrant outdoor plaza engaging in activities together. Many fans expressed disappointment at the mobile-only experience, especially after speculation about The Sims 5. EA noted that Project Rene has "evolved" from an earlier vision that may have included The Sims 5. More than half of the Sims development team is focused on enhancing The Sims 4 and exploring its next evolution, with more details to be shared in the coming months. EA plans to provide more information in 2026 as they continue to playtest new ideas for the franchise.

Winsage

December 31, 2025

Windows 11’s best utilities are merging — and it’s more polished than macOS

The third-party file explorer, Files, has integrated with PowerToys Peek in version 4.0.24, enhancing user experience by allowing seamless file previews. This integration began rolling out during the festive week between Christmas and New Year’s. The update also includes a feature for faster file and folder creation with prefilled default names, improvements to the Omnibar with a shadow for suggestions, and text wrapping in the Status Center for longer folder names. Users can now use AND and OR operators for tag searches. Additionally, several fixes were made, including resolving crashes in Dual Pane mode and during git branch switching, as well as correcting display issues with PNG-based .ico files. Files is available for free on GitHub and the Microsoft Store.

Winsage

December 4, 2025

This Windows Update Pop-Up Is a Scam

Hackers have exploited Windows update screens to deliver malware disguised as a "critical security update," a tactic known as the ClickFix attack. This attack uses social engineering techniques, including fake error messages and CAPTCHA forms, to trick users into executing harmful commands. The scam appears as a pop-up mimicking the standard Windows blue screen but originates from a malicious domain. Users are prompted to paste and execute harmful commands, leading to malware installation. Researchers from Huntress have detailed this attack, noting that malicious code can be embedded within PNG images. Although recent law enforcement actions have reduced the presence of malware payloads on these domains, the threat remains. Users should be cautious of any update screens that do not show a progress indicator or require manual command input, as these are signs of a ClickFix attack. Microsoft releases security updates on the second Tuesday of each month, and users are advised to enable automatic updates and consider disabling the Windows Run box for added security.

AppWizard

November 27, 2025

If you love Minecraft, this new Thermaltake CPU cooler is absolutely perfect for you

The Thermaltake Minecube 360 Ultra ARGB Sync CPU cooler is an all-in-one liquid cooler featuring four LCD displays arranged in a cube design. Each display measures 3.95 inches square with a resolution of 720 x 720, and the cooler supports various image and video formats through its TT LCD Screen Software. Users can customize visuals and monitor system information like memory usage and CPU temperature. The cooler has a copper base, a 27mm thick radiator, and three 120mm Swafan EX ARGB Sync fans. It is priced at 9, making it one of the more expensive coolers on the market.

Winsage

November 25, 2025

JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers

Cybersecurity experts have identified a new campaign that combines ClickFix tactics with counterfeit adult websites to trick users into executing harmful commands under the guise of a "critical" Windows security update. This campaign uses fake adult sites, including clones of popular platforms, as phishing mechanisms, increasing psychological pressure on victims. ClickFix-style attacks have risen significantly, accounting for 47% of all attacks, according to Microsoft data. The campaign features convincing fake Windows update screens that take over the user's screen and instruct them to execute commands that initiate malware infections. The attack begins when users are redirected to a fake adult site, where they encounter an "urgent security update." The counterfeit Windows Update screen is created using HTML and JavaScript, and it attempts to prevent users from escaping the alert. The initial command executed is an MSHTA payload that retrieves a PowerShell script from a remote server, which is designed to deliver multiple payloads, including various types of malware. The downloaded PowerShell script employs obfuscation techniques and seeks to elevate privileges, potentially allowing attackers to deploy remote access trojans (RATs) that connect to command-and-control servers. The campaign has been linked to other malware execution chains that also utilize ClickFix lures. Security researchers recommend enhancing defenses through employee training and disabling the Windows Run box to mitigate risks associated with these attacks.

Winsage

November 25, 2025

Do Not Download These Windows Security Updates, Experts Warn

Security experts at Huntress have confirmed that hackers are using ClickFix malware to distribute fake Windows security updates, deceiving users into executing harmful commands. Over the past year, these attacks have increased, with both state-sponsored actors and cybercriminal organizations employing this tactic. Microsoft has indicated that ClickFix is the most frequently used method for gaining initial access, representing 47 percent of attacks noted in Microsoft Defender notifications. A report released on November 24 revealed a new wave of ClickFix attacks utilizing realistic Windows Security Update screens to deploy credential-stealing malware. The campaign employs steganography to conceal malware within PNG images, embedding harmful code directly within the pixel data. Windows users are advised to remain vigilant and recognize that legitimate updates will never request users to cut and paste commands into the Windows run prompt from a web page.

Winsage

November 25, 2025

ClickFix attack uses fake Windows Update screen to push malware

Recent observations have identified ClickFix attack variants where cybercriminals use deceptive Windows Update animations on full-screen browser pages to hide malicious code within images. Victims are misled into executing harmful commands through specific key sequences that copy and execute commands via JavaScript. Security researchers have documented these attacks since October, noting the use of LummaC2 and Rhadamanthys information stealers. Attackers utilize steganography to embed malware payloads within PNG images, reconstructing and decrypting them in memory using PowerShell and a .NET assembly called the Stego Loader. A dynamic evasion tactic known as ctrampoline complicates detection by initiating calls to numerous empty functions. The shellcode extracted from the encrypted image can execute various file types directly in memory. Following a law enforcement operation on November 13, the Rhadamanthys variant's payload delivery through fake Windows Update domains ceased, although the domains remain active. Researchers recommend disabling the Windows Run box and monitoring suspicious process chains to mitigate risks.

Winsage

November 25, 2025

ClickFix Attack Uses Steganography to Hide Malicious Code in Fake Windows Security Update Screen

A new wave of ClickFix attacks has emerged, using fake Windows Update screens and PNG image steganography to deploy infostealing malware like LummaC2 and Rhadamanthys. The attacks trick users into executing a command by pressing Win+R and pasting a command copied to their clipboard. Attackers have shifted from using “Human Verification” lures to more convincing full-screen fake Windows Update screens. The fake update prompts users to run a command that initiates mshta.exe with a URL containing a hex-encoded IP address, leading to the download of obfuscated PowerShell and .NET loaders. A notable feature of the campaign is the use of a .NET steganographic loader that hides shellcode within the pixel data of a PNG image, which is decrypted and reconstructed in memory. The shellcode is Donut-packed and injected into processes like explorer.exe using standard Windows APIs. Huntress has been monitoring these ClickFix clusters since early October, noting the use of the IP address 141.98.80[.]175 and various paths for the initial mshta.exe stage, with subsequent PowerShell stages hosted on domains linked to the same infrastructure. Despite the disruption of Rhadamanthys’ infrastructure in mid-November, active domains continue to serve the ClickFix lure, although the Rhadamanthys payload appears to be unavailable. To mitigate the attack, disabling the Windows Run box through Group Policy or registry settings is recommended, along with monitoring for suspicious activity involving explorer.exe. User education is critical, emphasizing that legitimate processes will not require pasting commands into the Run prompt. Analysts can check the RunMRU registry key to investigate potential ClickFix abuse.

Winsage

November 25, 2025

New ClickFix attacks use fake Windows Updates to swipe creds

A surge in ClickFix attacks is occurring, where attackers use deceptive Windows update screens to trick users into downloading infostealer malware. This method has become the primary means of initial access for cybercriminals, as reported by Microsoft. State-sponsored actors and organized crime groups are increasingly using this tactic. Huntress security experts have noted a shift from traditional prompts to convincing fake Windows update screens, showcasing the attackers' adaptability. Cyber adversaries are utilizing a steganographic loader to deliver infostealing malware like Rhadamanthys, encoding malicious code within PNG images to evade detection. Between September 29 and October 30, 2025, Huntress investigated 76 incidents linked to this campaign across various regions, with one incident involving the IP address 141.98.80[.]175. Victims typically visit a malicious site that triggers a full-screen blue Windows Update screen, leading them to install a “critical security update” through a series of commands. This process involves executing a command that runs PowerShell code to deploy a steganographic loader, ultimately leading to the installation of Rhadamanthys, which captures login credentials. Comments in the lure site's source code are in Russian, suggesting the attackers' identity remains unknown. As of November 19, multiple domains continue to host the lure page, although the payload is no longer actively hosted. Organizations can defend against these attacks by blocking access to the Windows Run box and educating employees about the ClickFix technique.

Winsage

November 22, 2025

How to manage AI actions in File Explorer on Windows 11

Microsoft has introduced AI enhancements in Windows 11, particularly in File Explorer, featuring "Ask Copilot" and "Semantic Indexing." AI actions have been added to the context menu, allowing users to perform tasks based on file types, with integration into Microsoft 365 apps, Photos, or Paint. The rollout began with the September 2025 Security Update, but users in Europe may experience delays in access. To enable AI actions in File Explorer, users should open Settings, click on Apps, select the Actions page, and turn on the AI actions. Users can engage with AI actions by right-clicking on image files (JPG, JPEG, PNG) and selecting options like Bing Visual Search, Blur Background, Erase Objects, Remove Background, and Describe Image. If Microsoft 365 apps are installed, users can summarize documents and convert tables without opening the apps. To disable AI actions, users can follow the same steps as enabling them but turn off the AI actions instead. The "AI actions" menu will still appear, but no active features will be displayed.