proxy

Winsage
December 18, 2025
A newly identified cyber threat cluster called LongNosedGoblin has been linked to cyber espionage attacks targeting governmental entities in Southeast Asia and Japan, with activities traced back to at least September 2023. The group uses Group Policy to spread malware and employs cloud services like Microsoft OneDrive and Google Drive for command and control. Key tools include NosyHistorian, NosyDoor, NosyStealer, NosyDownloader, and NosyLogger, which perform functions such as collecting browser history, executing commands, and logging keystrokes. ESET first detected LongNosedGoblin's activities in February 2024, identifying malware on a governmental system. The attacks showed a targeted approach, with specific tools affecting select victims. Additionally, a variant of NosyDoor was found targeting an organization in an EU country, indicating a possible connection to other China-aligned threat groups.
Tech Optimizer
December 18, 2025
A cybersecurity investigation by ReliaQuest has revealed that a Chinese state-linked hacking group, Silver Fox (also known as Void Arachne), is using search engine optimization tactics to create a counterfeit Microsoft Teams download site at "teamscn[.]com." This site targets Chinese-speaking users and employs a typo-squatting strategy. Victims attempting to download the software receive a trojanized installer labeled "Setup.exe," which checks for the presence of antivirus software and executes obfuscated PowerShell commands to modify Windows Defender exclusion lists. The malware also drops a file named "Verifier.exe" and installs a functional version of Microsoft Teams to disguise its activities. The compromised system communicates with the domain "Ntpckj[.]com" to deliver the ValleyRAT payload, allowing remote access for data exfiltration and command execution. Silver Fox is linked to both state-sponsored espionage and financially motivated activities, having previously conducted similar SEO poisoning campaigns. The campaign primarily targets Chinese-speaking personnel in global organizations, particularly those with ties to China, and poses a significant risk to organizations lacking robust security measures. Security teams are advised to enhance logging and monitoring practices to detect suspicious activities.
Winsage
December 4, 2025
Microsoft is introducing an MCP registry to Windows, enhancing security with protective wrappers and providing local agents with discovery tools. A proxy will enable connectivity for local and remote servers, ensuring robust authentication, auditing, and authorization. Enterprises can control access to the MCP using group policies and default settings, allowing unique identities for connectors. The registration process for an MCP server has been simplified with MSIX packages, making installation more accessible. Developers must have Node.js installed to use the MCP bundle (mcpb) package, which is built with an NPM package. This approach allows developers to incorporate the MCP server into their application's installer as an MSIX file for easy distribution and installation.
Winsage
December 2, 2025
Microsoft has alerted Windows 11 users about a new experimental AI feature called the “Proxy Server,” introduced in build 26220.7262, which can be manually activated in the “AI Components” section. Users receive a cautionary message regarding the feature's experimental nature and potential impacts on device performance, including inaccuracies and unexpected behavior. The underlying language model is still in development, leading to risks of inaccuracies due to incomplete training data. Experts have raised concerns about vulnerabilities to cyber threats, with reports of cybercriminals exploring ways to exploit the AI features. The “Proxy Server” has default read and write permissions to critical user directories, raising security concerns. Microsoft plans to enhance security measures with more granular permission controls and advises that the feature should only be enabled by users aware of the associated risks.
Winsage
November 28, 2025
Many organizations using Windows Internet Name Service (WINS) do not actively leverage it for critical operations, and it often operates quietly in the background. WINS poses significant security risks due to design limitations, particularly its lack of a robust mechanism for authenticating name registrations, making it vulnerable to spoofing attacks. Attackers can register malicious entries, such as Web Proxy Auto-Discovery (WPAD) records, allowing them to intercept web traffic or redirect connections, which facilitates lateral movement within a network and threatens organizational security.
Winsage
November 18, 2025
Microsoft Windows is evolving to incorporate AI agents that act autonomously, resembling digital coworkers. This shift is facilitated by the Model Context Protocol (MCP), which standardizes agent interactions with tools and data sources, ensuring secure access to system resources. Windows introduces an on-device registry of "agent connectors" for functionalities like file access and system settings, managed through an OS-level proxy that oversees identity, permissions, consent, and audit logging. The initial connectors focus on File Explorer and System Settings, defining clear capabilities and restrictions for agents. A transparent consent model allows users to manage permissions easily, promoting a user-friendly experience. The introduction of an Agent Workspace provides a dedicated environment for agents, ensuring they operate independently and with least-privileged access. Security measures include signed connectors and a standardized proxy for authentication and auditing, enabling visibility into agent actions. Windows is also expanding on-device AI processing with APIs for various functionalities, allowing agents to leverage local models securely. While Windows is not becoming an agent-first operating system, it is establishing a framework for human and agent interactions, positioning itself as a safe environment for AI operations. The foundational elements for this evolution include standard interfaces, clear permissions, isolated environments, and system-level observability.
TrendTechie
November 12, 2025
On November 11, 2025, qBittorrent 5.1.3 was released as an open-source torrent client, building on its previous version 5.0 from September 2024. It is compatible with Linux, Windows, and macOS and is available on GitHub under the GPLv2+ license. Key features include an integrated search engine, RSS feed subscription, remote control via a web interface, sequential downloading, advanced settings for torrents, bandwidth scheduling, IP filtering, a torrent creation interface, and support for UPnP and NAT-PMP. Version 5.1.3 focused on bug fixes, including a correction in the WebUI for reverse proxy functionality, restoration of application and plugin update checks, updated translations, and resolution of an automatic language detection issue on macOS. It includes updates to libtorrent versions 1.2.20+git3ae563b043 and 2.0.11+git195f94d4a1, Qt 6.9.3, and Boost versions 1.86/1.89.
Winsage
November 12, 2025
Microsoft's November 2025 Patch Tuesday addresses a total of 63 vulnerabilities, including one actively exploited zero-day flaw (CVE-2025-62215) related to Windows Kernel Elevation of Privilege. The updates include four vulnerabilities classified as "Critical," with two for remote code execution, one for elevation of privileges, and one for information disclosure. The breakdown of vulnerabilities is as follows:

- 29 Elevation of Privilege Vulnerabilities
- 2 Security Feature Bypass Vulnerabilities
- 16 Remote Code Execution Vulnerabilities
- 11 Information Disclosure Vulnerabilities
- 3 Denial of Service Vulnerabilities
- 2 Spoofing Vulnerabilities

This Patch Tuesday marks the first extended security update (ESU) for Windows 10, and users are encouraged to upgrade to Windows 11 or enroll in the ESU program. Microsoft has also released an out-of-band update to assist with enrollment issues. Other companies, including Adobe, Cisco, and Google, have also issued security updates in November 2025.
Winsage
November 5, 2025
Cyber attackers used the Import-VM and Start-VM PowerShell cmdlets to introduce a virtual machine named WSL into Hyper-V. This virtual machine hosts a compact Alpine Linux environment with two implants, CurlyShell and CurlCat, identified by Bitdefender. CurlyShell uses libcurl to connect to a command-and-control server, creating a reverse shell to execute commands and return outputs. CurlCat functions as a proxy, tunneling SSH traffic through HTTP requests to evade detection by network monitoring tools.