processes

Winsage
June 17, 2026
The Windows variant of SprySOCKS malware, developed by the Chinese threat group Earth Lusca, targets government entities globally and features advanced capabilities such as rootkit-level stealth and extensive command-and-control (C2) functionalities. It operates on Windows systems, utilizing two main variants: WINDRV, which includes kernel drivers for stealth operations, and WINPLUS, a streamlined backdoor. The malware can communicate over TCP, UDP, and WebSocket, offering over 30 C2 commands for various operations, including system information gathering and keystroke logging. WINDRV loads a driver named ‘RawWNPF’ into memory using another signed kernel driver, allowing it to conceal processes and achieve persistence. The malware's design incorporates open-source elements and exploits vulnerabilities in the software supply chain, notably using a leaked certificate for driver signing. To combat SprySOCKS, organizations are advised to implement advanced endpoint detection and response (EDR) solutions, maintain regular patching, and manage supply chain risks vigilantly. The malware's adaptability and reliance on legitimate certificates complicate detection efforts, necessitating continuous refinement of security practices.
Winsage
June 16, 2026
Cybersecurity researchers have identified two new Windows variants, named WINDRV and WINPLUS, of the SprySOCKS backdoor, which was previously thought to be exclusive to Linux systems. Both variants feature hard-coded command-and-control configurations and can communicate via TCP, UDP, and WebSocket protocols. They support over 30 commands for operations such as system information collection and file management. WINDRV employs kernel drivers for stealth, obscuring network connections and allowing TCP traffic diversion. SprySOCKS was first documented by Trend Micro in September 2023, linked to the Chinese state-sponsored threat actor Earth Lusca, also known as FishMonger. The Windows variants belong to version 1.8 of SprySOCKS and utilize a kernel driver named RawWNPF for enhanced stealth. The attack chain begins with an initial access method that drops a batch script, leading to the installation of the backdoor. Evidence suggests these variants may have been used in attacks against government organizations in Honduras, Taiwan, Thailand, and Pakistan between 2023 and 2024. The WINPLUS variant was first detected in July 2024 in Pakistan. There are indications of a potential UEFI bootkit involvement exploiting CVE-2023-24932, a vulnerability in the Windows Boot Manager.
AppWizard
June 16, 2026
In 2017, Respond.io was founded to help businesses adapt to customer shifts towards messaging applications. It is headquartered in Kuala Lumpur and recently raised million in a Series B funding round, following a million Series A round in 2022. The company reported an annual recurring revenue (ARR) of million, a 169% year-over-year increase, with a 30% profit margin. Co-founders include Gerardo Salandra (CEO), Hassan Ahmed (CTO), and Yaroslav Kudritskiy (COO), who initially started the company in Hong Kong before relocating to Malaysia. Respond.io's platform caters to mid- to large-sized B2C enterprises, facilitating customer interactions across various messaging channels and utilizing AI for efficiency. The target market consists of "high-consideration" businesses, with an ideal customer profile of companies having 200 to 10,000 employees. Respond processes 2 billion messages quarterly and has a unique pricing model based on conversation volume rather than per user. The company emphasizes a data flywheel effect that enhances AI capabilities through increased message volume. Plans for growth include hiring, organic expansion, and strategic acquisitions, particularly in Europe and North America, which are projected to become larger revenue segments. Currently, revenue is distributed with 30% from APAC, 30% from Latin America, and 20% from the Middle East and Africa, with the remaining 20% from North America and Western Europe. Salandra expressed a cautious approach to growth and aspirations for a future public offering on Nasdaq.
Winsage
June 16, 2026
Microsoft's Outlook for Windows is facing criticism for its notification handling, particularly in the new Outlook version built on the WebView2 framework. Users experience a delay of approximately 10 seconds when clicking on email notifications, compared to the near-instantaneous access provided by Outlook Classic, which allows users to open new emails in about five seconds. The new Outlook consumes significantly more memory and CPU resources, using between 490 MB and 636 MB of RAM, while Outlook Classic operates within 117 MB to 148 MB. Despite updates aimed at improving the new Outlook, the core issue of notification handling remains unresolved. Microsoft is working on enhancements, but the performance limitations of the WebView2 architecture continue to affect user experience. Outlook Classic will continue to be supported until April 2029.
Winsage
June 15, 2026
On Patch Tuesday in June 2026, Microsoft released a significant update for Windows 11, designated as KB5094126. Key enhancements include:

- Low Latency Profile: Boosts CPU clock speeds temporarily for specific tasks, reducing lag during operations.
- Simultaneous Webcam Access: Allows multiple applications to use the webcam simultaneously.
- Shared Audio: Enables two users to connect headphones to one PC for shared audio enjoyment.
- NPU Usage Monitoring: Task Manager displays Neural Processing Unit usage for individual processes, with new columns for NPU and NPU Engine.
- Enhanced Windows Search: Users can locate files with just two characters instead of three.

The update also introduces new Secure Boot certificates for improved security. After installation, Windows 11 build numbers will show either 26200.8655 (25H2) or 26100.8655 (24H2). Updates are rolled out gradually, so some users may experience delays in accessing features.
Tech Optimizer
June 14, 2026
Avast Free Antivirus is a free antivirus solution for Windows PCs developed by Avast (Gen Digital). It provides essential malware protection, real-time scanning, and web safety features without requiring a paid subscription. Users in the U.S. can download it from the official Avast website and install it on compatible Windows systems. The software identifies and blocks viruses, spyware, ransomware, and other forms of malware using signature-based detection and cloud-assisted analytics. It includes features such as real-time protection, on-demand scanning, an email shield, a Wi-Fi inspector, and behavior shields. Avast Free Antivirus offers automatic updates to ensure current protection against emerging threats. It serves as a gateway product to Avast's paid tiers, which offer additional features. The software is primarily aimed at home users who need basic antivirus protection and is available for free personal use.