Programming

Winsage
July 10, 2026
Microsoft has unveiled a destructive Windows backdoor named GigaWiper, which allows operators remote control over compromised systems to execute irreversible damage. GigaWiper originated from cyberattacks in October 2025 and is a composite of code from at least three malware families. It maintains its presence through a scheduled task disguised as “OneDrive Update,” executing at startup and every minute. GigaWiper can obliterate partition information, overwrite physical drives, and restart systems. It also mimics ransomware by encrypting files with the .candy extension, using randomly generated keys that are not stored, making recovery impossible. The malware has connections to the Crucio ransomware and resembles FlockWiper, with rewritten code in Go. GigaWiper features 20 command codes for various functions, including executing PowerShell instructions, managing processes, capturing screenshots, and remote access similar to VNC. It can remain on a system for surveillance until its destructive functions are activated. Microsoft Defender includes detection capabilities for GigaWiper, and users are advised to enable tamper protection and monitor for suspicious activities.
Winsage
July 7, 2026
Dave Plummer created a notepad application called Tiny Retro Pad, which is 2,686 bytes in size, contrasting with larger modern software. The application mimics the original Microsoft Notepad without contemporary features. Plummer emphasizes the importance of working within constraints, recalling a time when developers had to focus on efficiency due to hardware limitations. He utilized existing resources within the Windows ecosystem to maintain the compactness and functionality of Tiny Retro Pad.
Winsage
July 1, 2026
Microsoft has restored GIF functionality in the Emoji Panel for Windows 11 users after the retirement of the Tenor GIF search engine's API, which caused disruptions starting June 30. The company has transitioned to GIPHY as the new GIF provider, implemented in the preview cumulative update KB5095093 released on June 23 for Windows 11 versions 24H2, 25H2, and 26H1. Users are advised to install the latest updates to restore GIF functionality. Microsoft is also working on a solution for users on Windows 11 23H2 and Windows Server 2025. The KB5095093 update includes the Point-in-Time Restore feature and addresses various bugs and known issues.
Winsage
June 25, 2026
Component Object Model (COM) is a technology in Windows that enables object activation, inter-process communication, and automation across different programming languages. Malware exploits COM interfaces for activities such as lateral movement, execution, downloading, exfiltration, persistence, evasion, system discovery, and automation of Windows and Office functionalities. Reverse engineering COM-heavy binaries involves navigating GUIDs and indirect vtable calls to understand malware mechanics. Research at the AVAR 2025 conference and CARO 2026 workshop discusses methodologies for analyzing COM binaries and case studies of malware families that utilize COM. COM is an application binary interface (ABI) model that allows software components to be reused and enables interaction between different programming languages through interfaces defined at the binary level. Distributed COM (DCOM) allows clients to activate COM objects on remote systems. COM classes are identified by unique class identifiers (CLSIDs), and interfaces by interface identifiers (IIDs). The Windows registry stores COM registration data, with classes and interfaces located under specific keys. Malware often acts as a COM client, utilizing the COM runtime to instantiate classes and request interfaces. ProgIDs provide human-readable registry entries for COM classes. The CoCreateInstance function helps create class objects by resolving CLSID registrations. All COM interfaces derive from IUnknown, which manages object lifetimes and interface querying. COM has its own security model, and identifying classes and interfaces used by malware is crucial for threat researchers. Tools like ComView and OleView.NET assist in inspecting COM registrations. The analysis workflow includes identifying activation API calls, extracting CLSID and IID values, consulting registry definitions, and mapping vtable calls. Qakbot, a banking trojan, exemplifies the use of COM in malware, with its architecture enabling malicious activities like credential theft. Dynamic analysis tools can log COM-related calls in real-time to trace execution flow. Notable malware families that utilize COM include Gh0stRAT, which uses Task Scheduler COM interfaces, and the Attor platform, which employs BITS for file transfers. WarmCookie demonstrates the use of COM for persistence through Task Scheduler. Understanding COM's role in malware is essential for cybersecurity professionals.
Winsage
June 25, 2026
Setting up a PC with the base Dev Config has been streamlined for developers, utilizing the Winget configuration service to install applications, execute updates, and apply developer settings on Windows. Users can access setup scripts by cloning a GitHub repository or downloading a zip archive, with clear instructions provided by Microsoft. The installation may require a reboot during the Windows Subsystem for Linux (WSL) installation, but the script resumes automatically afterward. The process installs applications such as PowerShell, Git, GitHub command-line interfaces, Windows App SDK, Visual Studio Code, and language support for Node.js, Python, and .NET. It also includes developer-friendly fonts and a theme engine for Windows Terminal, along with options for customizing File Explorer and the Windows Task Bar. After WSL installation, developers can use WSL Comfort scripts to install additional tools and personalize their Windows Terminal experience. This utility has two phases: the Windows component configures WSL and Ubuntu, while the Linux component fine-tunes the WSL environment, allowing for zsh and starship terminal display tools. It also integrates popular command-line interfaces and supports the Homebrew package installer, targeting existing Ubuntu instances without needing a new Linux distribution installation.
AppWizard
June 25, 2026
The 30th anniversary of Quake on June 22, 2026, led to reflections from its creators, particularly Sandy Petersen and John Carmack. Petersen stated, "Quake ruined id Software," acknowledging the game's achievements but highlighting the intense workload that drained the team. Carmack described the project as "overly ambitious technically" and admitted to pushing the team too hard, recognizing the need for a more balanced approach to ownership and work environment. He noted that the original corporate stock arrangement created poor incentives. Petersen mentioned that working in a large room eliminated spaces for relaxation, contributing to team stress. John Romero echoed these sentiments, reflecting on the culture at id Software and praising designer American McGee's contributions. The founders recognized their past mistakes while appreciating the legacy of their work, with id Software continuing to thrive with franchises like Wolfenstein, Doom, and Quake.
Winsage
June 23, 2026
Windows is experiencing a decline in favor among developers, with many preferring macOS and Linux for coding. Although nearly half of developers (49.5%) primarily work on Windows, this is often due to organizational mandates rather than personal preference. Developers interviewed did not select Windows as their preferred environment, citing concerns about Microsoft's developer experience, cumbersome tools, and security issues. The Windows Subsystem for Linux (WSL) allows developers to run Linux environments on Windows 11, addressing some compatibility issues. However, there is a consensus that Microsoft should enhance WSL and align Windows more closely with Linux to attract more developers. Critics also point to the intrusive nature of ads and upselling in Windows 11 as detracting from the developer experience.
AppWizard
June 21, 2026
Moonlight Pale is an indie survival horror game that has transitioned from a PC-exclusive project to a multi-platform release due to high pre-order demand. The developers plan to release the game on consoles, including Nintendo Switch, PlayStation 4, PlayStation 5, and Xbox Series X/S. Initially crowdfunded, the game surpassed its Kickstarter goal of ,566, raising over 0,000, which allowed the team to unlock stretch goals, including console ports and a physical edition for PS5 and Nintendo Switch. The game is set in a late 1800s female seminary, where players control Juliette, who follows the ghost of her deceased cat. Development began in December 2025, with foundational systems programmed, the full script completed, and voice lines recorded for the first two chapters. The launch window is targeted between Q4 2026 and Q1 2027, with the Kickstarter campaign ending on July 4, 2026.
AppWizard
June 20, 2026
Filmmaker Jordy Veenstra has been involved in Grand Theft Auto machinima for over a decade. He recently hosted "Machinima Dev Streams" on YouTube and Twitch, showcasing the production process of GTA 5 films, including challenges like location scouting and technical troubleshooting. Veenstra used tools such as Menyoo and ScriptHookVDotNet during the streams and encountered issues like game crashes that required restarts. He aims to expand future streams to share broader creative insights and experiences from his machinima projects.
Search