protocol

AppWizard
June 18, 2026
Pavel Durov, the founder of Telegram, has raised concerns about accessibility issues on his platform, attributing them to a technique called "BGP hijacking," which redirects internet traffic. He alleges that these disruptions affect users beyond India, including in the UAE, and suggests that Reliance Jio, an Indian telecom operator partly owned by Meta, may be involved in sabotaging access to Telegram. Reliance Jio has denied these allegations, stating they operate in accordance with global internet routing best practices. BGP hijacking occurs when a network falsely claims to be the preferred route, causing disruptions in internet traffic. There are indications that the network in question may be linked to Reliance Communications rather than Reliance Jio. The situation is complicated by a temporary block on Telegram in India due to the platform allegedly being used for leaking examination materials.
Winsage
June 17, 2026
In 2012, a novel bootkit targeting Mac OS X systems emerged, infiltrating the EFI firmware. A basic bootkit for Windows 8 also appeared, compromising UEFI. By 2013, a more sophisticated UEFI bootkit named Dreamboat was introduced for Windows. The first documented real-world UEFI attack occurred in 2018 with the malware LoJax, linked to a Kremlin-backed hacking group. In 2020, the second known UEFI malware, MosaicRegressor, was discovered, which verified the presence of a malicious file upon each reboot. New UEFI bootkits like ESpecter, FinSpy, and MoonBounce have since emerged. In response to the threat of UEFI bootkits, Microsoft collaborated with manufacturers to implement Secure Boot, a protocol that uses cryptographic signatures to ensure the integrity of firmware during startup.
Winsage
June 16, 2026
Cybersecurity researchers have identified two new Windows variants of the SprySOCKS backdoor, named WINDRV and WINPLUS, which were previously thought to be exclusive to Linux systems. Both variants feature hard-coded command-and-control configurations and can communicate via TCP, UDP, and WebSocket protocols. They support over 30 commands for operations such as system information collection and file management. WINDRV employs kernel drivers for stealth, obscuring network connections and allowing TCP traffic diversion. SprySOCKS was first documented by Trend Micro in September 2023, linked to the Chinese state-sponsored threat actor Earth Lusca, also known as FishMonger. The Windows variants belong to version 1.8 of SprySOCKS and utilize a kernel driver named RawWNPF for enhanced stealth. The attack chain begins with an initial access method that drops a batch script, leading to the installation of the backdoor. Evidence suggests these variants may have been used in attacks against government organizations in Honduras, Taiwan, Thailand, and Pakistan between 2023 and 2024. The WINPLUS variant was first detected in July 2024 in Pakistan. There are indications of a potential UEFI bootkit involvement exploiting CVE-2023-24932, a vulnerability in the Windows Boot Manager.
Winsage
June 15, 2026
The Linux 7.2 kernel has introduced enhancements for reporting case-folding behavior in local file systems, allowing file servers to accurately convey their case sensitivity capabilities. Linus Torvalds merged Virtual File System (VFS) related pull requests that enable local file systems to report case-folding behavior, benefiting services like NFSD and KSMBD, particularly for Microsoft Windows NFS clients. Filesystems can now report case-insensitive and case-nonpreserving behavior through new file_kattr flags in their fileattr_get implementations. Supported filesystems include FAT, exFAT, NTFS3, HFS, HFS+, XFS, CIFS, NFS, VBoxSF, and ISOFS, with others defaulting to POSIX behavior. NFSd uses this information to report case folding via NFSv3 PATHCONF and implement NFSv4 attributes for case insensitivity and case preservation. The enhancements aim to improve interoperability, allowing Windows NFS clients to function correctly by reporting case-insensitivity, which streamlines operations and avoids unnecessary requests. The Linux NFS client has previously supported case-insensitive shares, requiring adjustments to caching behavior. Accurate case folding reporting is crucial for servers operating in multi-protocol environments to maintain interoperability.
Winsage
June 13, 2026
Windows 11 has introduced a new command-line tool called "Intelligent Terminal," which is a fork of the open-source Windows Terminal project and integrates an AI agent, GitHub Copilot by default. Users must manually download and install the Intelligent Terminal, which retains the familiar Windows Terminal interface but adds a side panel for AI interaction. Upon first launch, users select an Agent Client Protocol (ACP) compatible agent, with options to enable features like automatic error detection and session management. The Intelligent Terminal offers two main experiences: agent chat and agent management. The agent chat pane allows users to inquire about errors and receive assistance, while the agent management pane tracks active and past agent sessions. Users can also utilize other agents like Claude Code, Google Gemini, and OpenAI Codex, provided they are installed locally. The Command Palette is enhanced with AI actions, allowing users to initiate tasks without interrupting their workflow. Users can customize terminal and agent settings, including pane position and error detection features. Changes to these settings must be saved to take effect.
Winsage
June 12, 2026
OnyxC2 is a sophisticated credential stealer available for a subscription fee of 0 per month, distributed through disguised lures such as fake Windows updates and legitimate software installers. It functions as a commercial product with features like an automated payload builder, tiered licensing, and a centralized web dashboard. The malware boasts a 99% detection-evasion rate, successfully evading major antivirus solutions during tests. It is developed in C++, utilizing direct system calls and mutating with each build to avoid detection. OnyxC2 collects data from around 210 applications, targeting 45 web browsers, password managers, cryptocurrency wallets, and FTP clients. The malware is delivered using DLL sideloading, where a password-protected archive contains a legitimate application and a malicious DLL. The attacker's DLL is disguised by inflating its size and is loaded by a trusted binary. The malicious code remains encrypted on disk and decrypts in memory to evade analysis. OnyxC2 communicates with a Cloudflare-fronted command-and-control server to manage infected hosts and execute commands like hardware registration and cookie uploads. The threat extends to business environments, targeting FTP and email clients, with stolen session cookies allowing ongoing access to corporate infrastructure. Implementing anti-data exfiltration controls is recommended as a mitigation strategy.
Winsage
June 11, 2026
Microsoft is introducing Windows Ready Print (WRP), a new printing model that aims to modernize the printing experience on Windows by integrating contemporary communication standards like the Internet Printing Protocol (IPP) and Universal Print. WRP will manage newly installed printing devices by default starting in July 2026, while older printers and OEM drivers will still function on newer Windows releases. The initiative focuses on simplifying printing processes and enhancing reliability, with new options for customization available in Windows printer preferences. Users and administrators can choose to enforce or disable WRP-based print management. Additionally, new policies in Group Policy Editor will allow for the selection or blocking of drivers through WRP. The initiative is supported by the Mopria Alliance to improve security and compatibility in printer management across devices.
Winsage
June 10, 2026
Microsoft has released Windows 11 Experimental build 26300.8553, which includes customizable Start menus, enhanced search functionalities, and a refined Taskbar. A significant upgrade is the rebranding of the Modern Print Platform to Windows Ready Print, aimed at modernizing and securing the printing process. Microsoft is phasing out support for third-party printer drivers via Windows Update, transitioning to the Internet Printing Protocol (IPP) and the native Windows IPP printer driver. Starting July 2026, new printer installations on eligible devices will default to Windows Ready Print, though users can choose between Windows Ready Print and the traditional OEM process. This setting can be adjusted through the printer preferences in Settings and modified via Group Policy. Users can also enable Windows protected print mode to default to Windows Ready Print.