protocol Archives

Winsage

April 13, 2026

Microsoft tightens Windows 11 driver security rules

Microsoft will enforce a new mandate requiring all hardware drivers to comply with the Windows Hardware Compatibility Program (WHCP) standards starting April 1, 2026. This change will eliminate the "cross-signing" system that allowed older drivers with expired certificates to remain trusted. The enforcement of WHCP certification will apply to various versions of Windows 11 and Windows Server 2025. Users may face blocks when installing older drivers on new systems, but existing installations will not be immediately disrupted. Microsoft plans to introduce an "allow list" for vetted legacy drivers to ensure essential equipment remains operational during the transition. The initial rollout will occur in "evaluation mode," allowing Microsoft to monitor driver behavior without blocking software. For corporate environments, Microsoft offers "Application Control for Business" to allow specific software while maintaining security measures.

AppWizard

April 10, 2026

Privacy Messenger Session Is Staring Down a 90-Day Countdown to Obscurity

The messaging app Session, which prioritizes user privacy and offers end-to-end encryption without requiring personal information for registration, is facing potential closure and has issued a call for support. The Session Technology Foundation (STF) has received funding to support operations for 90 days but will rely on volunteers after all paid staff have been let go. Development activities have paused due to insufficient funding, affecting the introduction of new features and the resolution of existing bugs. The STF has stated that it needs million to complete ongoing projects and introduce a subscription model to achieve self-sustainability. As of now, 0,000 has been raised towards this goal. Users can contribute at getsession.org/donate.

AppWizard

April 9, 2026

Bitchat Review: How Jack Dorsey’s Private Offline Messenger Works

Bitchat employs the Noise Protocol Framework, specifically the XX pattern, for encrypted and authenticated communication. The Android version uses X25519 for key exchange and AES-256-GCM for message encryption. Bitchat operates without a central infrastructure, phone numbers, or traditional accounts, which reduces data collection and risks of censorship and surveillance. The app relies on Bluetooth connectivity, requiring physical proximity between users, which can enhance security but may lead to device identification. Metadata about nearby devices and connection instances may still be retained. Bitchat has not yet undergone a comprehensive external security audit, raising concerns despite its focus on privacy and encryption.

Winsage

April 8, 2026

Microsoft suspends VeraCrypt and WireGuard signing accounts, blocking Windows updates

Microsoft has suspended developer accounts necessary for signing Windows drivers for VeraCrypt and WireGuard, blocking updates for millions of users who rely on these software solutions for data encryption and secure networking. This suspension raises concerns about potential vulnerabilities for users and presents challenges for developers seeking alternative methods to maintain software functionality and security. The cybersecurity community has reacted with frustration, calling for clearer communication from Microsoft regarding the reasons for the suspensions and exploring workarounds to continue providing updates. The open-source community is also supporting affected developers in addressing these challenges.

Tech Optimizer

April 6, 2026

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Cybersecurity researchers have discovered 36 malicious packages in the npm registry that impersonate Strapi CMS plugins. These packages exploit Redis and PostgreSQL, deploy reverse shells, harvest credentials, and establish persistent implants. Each package consists of three files—package.json, index.js, and postinstall.js—without descriptions or repositories, and all use version 3.6.8 to mimic legitimate Strapi plugins. The malicious packages follow a naming convention starting with "strapi-plugin-" and were uploaded by four accounts within 13 hours. The identified packages include names like strapi-plugin-cron, strapi-plugin-database, and strapi-plugin-server. The malicious code is embedded in the postinstall script, executing automatically upon installation with the same privileges as the user. The payloads evolve from exploiting Redis for remote code execution to attempting direct PostgreSQL database exploitation and deploying persistent implants for remote access. The campaign appears to target cryptocurrency platforms, as indicated by the focus on credential theft and digital assets. Users of these packages are advised to assume compromise and rotate credentials. This incident reflects a broader trend of supply chain attacks in the open-source ecosystem, with recent examples including credential exfiltration payloads in GitHub repositories and compromised GitHub Actions workflows. Group-IB reported that software supply chain attacks are increasingly reshaping the cyber threat landscape, targeting trusted vendors and open-source software to gain access to downstream organizations.

Winsage

April 6, 2026

ResokerRAT Hijacks Telegram API to Command Infected Windows PCs

A newly discovered Windows malware called ResokerRAT uses Telegram’s Bot API for its command-and-control operations, allowing it to monitor and manipulate infected systems without a conventional server. It obscures its communications by integrating with legitimate Telegram traffic, complicating detection. Upon execution, it creates a mutex to ensure only one instance runs and checks for debuggers to avoid analysis. It attempts to relaunch with elevated privileges and logs failures to its operator. ResokerRAT terminates known monitoring tools and installs a global keyboard hook to obstruct defensive key combinations. It operates through text-based commands sent via Telegram, allowing it to check processes, take screenshots, and modify system settings to evade detection. Persistence is achieved by adding itself to startup and altering UAC settings. The malware retrieves additional payloads from specified URLs and uses URL-encoded data for communication. Researchers have confirmed its Telegram traffic, and its behavior aligns with various MITRE ATT&CK techniques. Security teams are advised to monitor for unusual Telegram traffic and scrutinize registry keys related to startup and UAC.

AppWizard

April 5, 2026

In 2007, two game music GOATs collaborated on the criminally underrated soundtrack to a similarly underrated D&D RPG

Critical Hit, formerly Soundtrack Sunday, explores video game music and audio design, highlighting titles like Neverwinter Nights, which has a dedicated fanbase. The first expansion of Neverwinter Nights 2, Mask of the Betrayer, is noted for its mature narrative and impactful music, which plays a significant role in the game's atmosphere. Brandon, the audio director at Obsidian during the late 2000s, discussed the development of Mask of the Betrayer and its soundtrack, which he collaborated on with Womb Music's Rik Schaffer and Margaret Tang. The main theme of Mask of the Betrayer is described as mysterious and epic, with a darker reinterpretation for the DLC. The theme for Mulsantir captures the city's duality, blending inviting and sinister elements. Brandon aimed to encapsulate the medieval sound of Dungeons & Dragons, resulting in a soundtrack that enhances gameplay and leaves a lasting impression on players.

AppWizard

April 3, 2026

This is the best Google Pay feature you’re not using in India

Google Pay's Tap to Pay feature, launched in 2020, allows contactless payments using NFC technology. Initially compatible with only two banks, it now works with most major debit and credit cards in India. Users can add their cards to Google Pay, and payments can be made by selecting the card and tapping the phone near a point-of-sale machine. The feature supports most Visa and MasterCard cards issued in India, while American Express cards are excluded. There are no transaction limits, and a PIN is required for high-value transactions. The setup process involves adding card details and authenticating via SMS. Tap to Pay can also be used internationally, except in China.

AppWizard

April 1, 2026

‘NoVoice’ Android malware on Google Play infected 2.3 million devices

A new Android malware called NoVoice has been found in over 50 applications on Google Play, with more than 2.3 million downloads. The malware targets older Android versions, specifically those patched between 2016 and 2021, and attempts to gain root access by exploiting vulnerabilities. It conceals malicious components within the com.facebook.utils package and uses steganography to hide an encrypted payload within a PNG image file. NoVoice avoids infecting devices in certain regions and has checks to detect emulators and VPNs. Once activated, the malware contacts its command-and-control server to gather device information and polls it every 60 seconds for tailored exploits aimed at rooting the device. It can exploit 22 vulnerabilities, including kernel bugs, and establishes persistence by replacing key system libraries and installing recovery scripts. The malware injects code into applications, particularly targeting WhatsApp to extract sensitive data for session replication, which is then exfiltrated to the C2 server. The malicious apps containing NoVoice have been removed from Google Play, but users who installed them should consider their devices compromised. Upgrading to devices with later security patches is recommended to mitigate the threat.

Winsage

March 31, 2026

Speechify Launches with On-Device Voice AI for 1B+ Windows Users Worldwide

Speechify has launched a Windows application featuring real-time text-to-speech and speech-to-text functionality, allowing for both cloud-based and on-device processing. On-device processing ensures user voice data remains secure on the machine. The application utilizes the Windows ML stack and platform APIs to operate across x64 and Arm64 architectures, leveraging Qualcomm’s Snapdragon technology for enhanced performance. The ONNX Runtime's QNN execution provider facilitates real-time transcription on Snapdragon laptops, enabling a split encoder-decoder architecture that optimizes processing. The application includes features like system-wide shortcuts, auto-pasting of transcribed text, OCR functionality, and secure data handling through Windows DPAPI. The Speechify Windows application is available for x64 and Arm64 devices via the Microsoft Store.