proxy

TrendTechie
July 2, 2026
BATorrent 1.0 is a lightweight BitTorrent client released in March 2026, developed using C++, Qt 6, and libtorrent-rasterbar. It is open-source and available on GitHub under the MIT license, with builds for Windows, Linux, and macOS. Key features include support for magnet links and .torrent files, resuming capabilities, sequential downloading, file prioritization, and imports from qBittorrent. It has automatic RSS downloading with regex filtering, duplicate detection, and automatic tracker list generation from Stremio. Streaming is supported with players like VLC and IINA. BATorrent emphasizes user privacy with no telemetry or analytics, and the only outgoing request is a release check on GitHub, which can be disabled. The user interface includes three themes, a real-time speed graph, a detailed tabbed panel, a filter panel, drag-and-drop support, and system tray notifications. It supports multiple languages and prioritizes privacy with features like PT mode for private trackers, one-click Tor proxy setup, and leech blocking. Notifications can be sent via Telegram webhook, and it has enhanced Discord presence status and native OS notifications.
Winsage
June 25, 2026
Component Object Model (COM) is a technology in Windows that enables object activation, inter-process communication, and automation across different programming languages. Malware exploits COM interfaces for activities such as lateral movement, execution, downloading, exfiltration, persistence, evasion, system discovery, and automation of Windows and Office functionalities. Reverse engineering COM-heavy binaries involves navigating GUIDs and indirect vtable calls to understand malware mechanics. Research at the AVAR 2025 conference and CARO 2026 workshop discusses methodologies for analyzing COM binaries and case studies of malware families that utilize COM. COM is an application binary interface (ABI) model that allows software components to be reused and enables interaction between different programming languages through interfaces defined at the binary level. Distributed COM (DCOM) allows clients to activate COM objects on remote systems. COM classes are identified by unique class identifiers (CLSIDs), and interfaces by interface identifiers (IIDs). The Windows registry stores COM registration data, with classes and interfaces located under specific keys. Malware often acts as a COM client, utilizing the COM runtime to instantiate classes and request interfaces. ProgIDs provide human-readable registry entries for COM classes. The CoCreateInstance function helps create class objects by resolving CLSID registrations. All COM interfaces derive from IUnknown, which manages object lifetimes and interface querying. COM has its own security model, and identifying classes and interfaces used by malware is crucial for threat researchers. Tools like ComView and OleView.NET assist in inspecting COM registrations. The analysis workflow includes identifying activation API calls, extracting CLSID and IID values, consulting registry definitions, and mapping vtable calls. 
Qakbot, a banking trojan, exemplifies the use of COM in malware, with its architecture enabling malicious activities like credential theft. Dynamic analysis tools can log COM-related calls in real-time to trace execution flow. Notable malware families that utilize COM include Gh0stRAT, which uses Task Scheduler COM interfaces, and the Attor platform, which employs BITS for file transfers. WarmCookie demonstrates the use of COM for persistence through Task Scheduler. Understanding COM's role in malware is essential for cybersecurity professionals.
Winsage
June 19, 2026
Microsoft has identified a Windows-based cryptocurrency clipper campaign that has been active since February 2026. This campaign uses clipboard-intercepting malware with self-spreading capabilities and operates through the Tor network. The clipper malware employs Windows Script Host and ActiveX to launch a Tor proxy and connect to a hidden command-and-control server. It focuses on stealing clipboard data, particularly cryptocurrency wallet addresses, and can exfiltrate screenshots. The malware is distributed via malicious Windows Shortcut (LNK) files on USB drives, which activate a worm that checks for existing infections and fetches the payload from a remote server. The clipper monitors the clipboard every 500 milliseconds for sensitive information and can replace copied wallet addresses with those controlled by attackers. Microsoft recommends behavioral detections, disabling AutoRun for removable media, blocking LNK execution from drives, and monitoring clipboard-related activities as mitigations against this threat.
Winsage
June 19, 2026
Microsoft has introduced the Microsoft Execution Containers (MXC) SDK to establish Windows as a reliable operating system for autonomous agents, focusing on containment, identity, and manageability. The MXC framework serves as a policy-driven execution layer for agents on Windows and Windows Subsystem for Linux (WSL), allowing developers to set access permissions using JSON or TypeScript. It employs process and session isolation for agent containment and identity. Future enhancements will include micro-VM support for high-risk tasks and integration with Windows 365 for cloud PC workloads. IT teams can manage MXC policies through Entra ID and Intune, while Defender and Purview provide protection and observability. The MXC framework is built on Microsoft's security initiatives, including Secure Boot and passwordless sign-in, allowing agents to inherit a secure foundation. However, early commentary cautions against treating MXC as a comprehensive security solution, noting issues with overly permissive policies and the lack of outbound network filtering. Other platforms, such as Linux, are also enhancing security for agents with kernel-level isolation and secure environments like NVIDIA's OpenShell runtime. Various projects are focusing on agent sandboxes within Kubernetes, employing technologies like gVisor and Kata Containers for isolation. Overall, no single dominant platform security model for AI agents has emerged, with Windows' MXC still considered nascent compared to existing solutions in Linux and Kubernetes ecosystems.
Winsage
June 17, 2026
The Windows variant of SprySOCKS malware, developed by the Chinese threat group Earth Lusca, targets government entities globally and features advanced capabilities such as rootkit-level stealth and extensive command-and-control (C2) functionalities. It operates on Windows systems, utilizing two main variants: WINDRV, which includes kernel drivers for stealth operations, and WINPLUS, a streamlined backdoor. The malware can communicate over TCP, UDP, and WebSocket, offering over 30 C2 commands for various operations, including system information gathering and keystroke logging. WINDRV loads a driver named ‘RawWNPF’ into memory using another signed kernel driver, allowing it to conceal processes and achieve persistence. The malware's design incorporates open-source elements and exploits vulnerabilities in the software supply chain, notably using a leaked certificate for driver signing. To combat SprySOCKS, organizations are advised to implement advanced endpoint detection and response (EDR) solutions, maintain regular patching, and manage supply chain risks vigilantly. The malware's adaptability and reliance on legitimate certificates complicate detection efforts, necessitating continuous refinement of security practices.
Winsage
June 16, 2026
Cybersecurity researchers have identified two new Windows variants of the SprySOCKS backdoor, named WINDRV and WINPLUS, which were previously thought to be exclusive to Linux systems. Both variants feature hard-coded command-and-control configurations and can communicate via TCP, UDP, and WebSocket protocols. They support over 30 commands for operations such as system information collection and file management. WINDRV employs kernel drivers for stealth, obscuring network connections and allowing TCP traffic diversion. SprySOCKS was first documented by Trend Micro in September 2023, linked to the Chinese state-sponsored threat actor Earth Lusca, also known as FishMonger. The Windows variants belong to version 1.8 of SprySOCKS and utilize a kernel driver named RawWNPF for enhanced stealth. The attack chain begins with an initial access method that drops a batch script, leading to the installation of the backdoor. Evidence suggests these variants may have been used in attacks against government organizations in Honduras, Taiwan, Thailand, and Pakistan between 2023 and 2024. The WINPLUS variant was first detected in July 2024 in Pakistan. There are indications of a potential UEFI bootkit involvement exploiting CVE-2023-24932, a vulnerability in the Windows Boot Manager.
Tech Optimizer
June 4, 2026
EDB has released version 6.4 of its Postgres Distributed (PGD) solution, which includes enhancements such as quorum commit, native connection pooling, and support for PostgreSQL large objects. The quorum commit feature ensures a unified transaction outcome across cluster nodes before finalizing a transaction, addressing potential risks from conflicting writes in distributed systems. This update targets organizations in sectors like banking, payments, telecommunications, and infrastructure, aiming to provide the same consistency guarantees previously reliant on proprietary databases. The Connection Manager now includes native connection pooling, reducing the need for external connection poolers and streamlining operations by integrating with PGD's Raft consensus layer. This integration allows for automatic route adjustments during failover and improved monitoring capabilities. Additionally, the update expands replication support to include PostgreSQL large objects, enhancing the applicability of distributed Postgres for managing mixed data sets in sectors like government, healthcare, and financial services. EDB also noted a Gartner forecast that by 2030, over 75% of enterprises in Europe and the Middle East will have repatriated workloads to their home jurisdictions, emphasizing the importance of consistent data management across locations. EDB aims to strengthen Postgres's position in the market by focusing on transaction integrity in distributed environments while minimizing reliance on additional infrastructure components.
AppWizard
May 24, 2026
PC gamers can download Warhammer 40,000: Gladius – Relics of War for free until May 28. The game, developed by Proxy Studios and Slitherine, is a turn-based 4X strategy title released in 2018, set in the Warhammer 40,000 universe. It has a Metacritic score of 71 and an 81% approval rating based on over 5,152 user reviews on Steam. Players can choose from four factions and engage in tactical warfare without diplomacy or technological advancements. While there is extensive downloadable content available, the base game provides a complete experience on its own.