protocol

Winsage
March 3, 2026
A critical local privilege escalation vulnerability, tracked as CVE-2026-20817, affects Microsoft Windows through the Windows Error Reporting (WER) service. This flaw allows authenticated users with low-level privileges to execute arbitrary code with full SYSTEM privileges. The vulnerability resides in the SvcElevatedLaunch method (0x0D), which fails to validate user permissions, enabling attackers to launch WerFault.exe with malicious command-line parameters from a shared memory block. The vulnerability affects all versions of Windows 10 and Windows 11 prior to January 2026, as well as Windows Server 2019 and 2022. Microsoft addressed this vulnerability in the January 2026 Security Update. Organizations are advised to apply security patches and monitor for unusual WerFault.exe processes.
Winsage
March 1, 2026
Cybercriminals are exploiting a legacy feature in Windows File Explorer, specifically the WebDAV protocol, to distribute malware and bypass traditional security measures. Despite Microsoft deprecating native WebDAV support in November 2023, it remains active on many systems. Attackers use WebDAV to deceive victims into executing malicious payloads by sending links that connect File Explorer directly to remote servers, avoiding web browsers and their security warnings. They employ methods such as direct linking, URL shortcut files, and LNK shortcut files to deliver exploits. The primary objective of these campaigns, which surged in late 2024, is to deploy Remote Access Trojans (RATs), with 87% of Active Threat Reports involving multiple RATs like XWorm RAT, Async RAT, and DcRAT. These campaigns predominantly target corporate networks in Europe, with many phishing emails written in German and English. Attackers use short-lived WebDAV servers hosted on Cloudflare Tunnel demo accounts to obscure their infrastructure. Security analysts are advised to monitor unusual network activity from Windows Explorer and educate users to verify addresses in File Explorer.
AppWizard
February 26, 2026
Google is enhancing Android apps to align with user expectations for artificial intelligence, similar to advancements in Windows 11. Developers received a preview of this initiative, which includes a new feature called AppFunctions. This feature allows Android apps to expose public interfaces for specific functionalities, enabling seamless interaction with AI agents and system-level services. AppFunctions are analogous to the Model Context Protocol (MCP) for cloud-based AI interconnectivity and will be accessible through Google's Jetpack library and platform APIs, ensuring local interactions on devices. AppFunctions are currently in early development, with initial examples implemented in the upcoming Gemini version for the Samsung Galaxy S26 series and other Samsung devices running OneUI 8.5 and higher. Users will interact with Calendar, Notes, and Tasks using AppFunctions to streamline activities. Google is launching an early preview of AppFunctions through a beta feature in the Gemini app, available on the Galaxy S26 series and select Pixel 10 devices, allowing users to delegate tasks to AI agents by double-pressing the power button. The initial rollout will focus on apps in food delivery, grocery, and rideshare sectors in the US and Korea. AppFunctions are expected to be integrated into Android 17, with a stable release anticipated around mid-year.
AppWizard
February 26, 2026
Google has introduced early-stage developer capabilities for Android aimed at connecting applications with intelligent agents and personalized assistants, specifically Google Gemini, while prioritizing privacy and security. A key feature of this initiative is AppFunctions, introduced with Android 16, which allows applications to expose specific capabilities for access by agent apps, enabling seamless task execution on devices. Developers can define app functionalities for AI assistants, facilitating various use cases such as task management, media creation, cross-app workflows, and calendar scheduling. A practical example includes the Samsung Gallery app, where users can request specific photos through Gemini, which triggers the appropriate function to retrieve them. Additionally, Google is advancing a UI automation framework for AI agents, allowing for the execution of generic tasks across applications with minimal coding. Future expansions of these capabilities are planned for Android 17, with ongoing collaboration with select app developers to enhance user experiences.
AppWizard
February 25, 2026
Numo has introduced a tap-to-pay point-of-sale app that allows merchants to accept Bitcoin payments without additional hardware, utilizing the Cashu open-source ecash protocol. The app is available for free as an open-source Android download, with plans for a Google Play Store release. It uses NFC technology for quick transactions, enabling customers to pay via a Cashu wallet interacting with an NFC tag on the merchant's device. Payments are settled in Cashu ecash, which can be automatically transferred to a merchant's Lightning address once a specified balance is reached. Numo also supports Lightning invoices and offers features like inventory management, payment history tracking, offline payment support, and tipping options. The app has no platform fees and is developed under the MIT license, aiming to simplify Bitcoin payments for merchants. Cashu employs blind signatures for privacy-preserving custodial payments and connects independent mints over the Lightning Network.
Tech Optimizer
February 24, 2026
A cyber operation is targeting users of Huorong Security antivirus software through a typosquatted domain, huoronga[.]com, which mimics the legitimate site huorong.cn. Users who mistakenly visit the counterfeit site may download a file named BR火绒445[.]zip, which contains a trojanized installer that leads to the installation of ValleyRAT, a remote access trojan. The malware employs various techniques to evade detection, including using an intermediary domain for downloads, creating Windows Defender exclusions, and establishing a scheduled task for persistence. The backdoor facilitates activities such as keylogging and credential access while disguising its operations within legitimate processes like rundll32.exe. Attribution points to the Silver Fox APT group, and there has been a significant increase in ValleyRAT samples documented in recent months. Security measures include ensuring software downloads are from the official site and monitoring for specific malicious activities.
AppWizard
February 20, 2026
Proton VPN has updated its Android application by removing support for the OpenVPN protocol, citing its outdated nature and slower performance compared to newer protocols like WireGuard and Proton's proprietary Stealth protocol. Users can no longer select OpenVPN in the app, but Proton VPN's servers will still support OpenVPN connections through manual configuration with third-party applications. However, manual configuration files downloaded before September 2023 are no longer supported, and users must download updated files before February 28, 2026, as older configurations will stop working after that date. The removal of OpenVPN has reduced the app's size by approximately 36% and aims to improve efficiency and connection speeds while maintaining security standards.