proxy Archives

Tech Optimizer

March 1, 2026

Surfshark is one of the few VPNs to offer a real antivirus solution

Users are increasingly focused on the effectiveness of their security software alongside the number of streaming services they use. Leading VPN providers are responding by offering comprehensive packages that combine VPN capabilities with antivirus features. Surfshark has introduced Surfshark One, which integrates its VPN service with proprietary antivirus software. This solution is designed to provide a comprehensive cybersecurity experience within a single application. To access the antivirus feature, users must subscribe to the Surfshark One plan, which offers quick and full scans, customizable scanning options, and scheduled scans. Detected threats are quarantined and deleted after 60 days. The antivirus includes Cloud Protect for continuous defense against malware, updating its database every three hours, and provides 24/7 malware protection. Surfshark One also includes additional tools such as Alternative ID for safeguarding user information, Surfshark Alert for notifications about compromised sensitive information, and Surfshark Search for ad-free browsing. Surfshark's VPN offers access to over 4,500 servers and supports unlimited devices. Surfshark One differs from other VPN packages by providing essential tools for post-compromise care and customizable security settings. Competitors like ExpressVPN and NordVPN offer tiered pricing structures with advanced security features in higher-tier plans. To acquire Surfshark One, users can visit the Surfshark website and choose from various subscription plans. The cost difference between the Surfshark Starter plan and Surfshark One is minimal, with Surfshark One starting at .49 per month. Surfshark One+ includes additional features like personal data removal and identity theft coverage. Only a few providers currently offer both VPN and antivirus capabilities, including Surfshark, Private Internet Access, and CyberGhost.

Winsage

February 20, 2026

Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets

Attackers are using social media advertising, specifically paid Facebook ads, to promote a malware campaign disguised as legitimate Microsoft promotions. They create near-exact replicas of the official Windows 11 download page to lure users into downloading malicious software. The deceptive domains used include ms-25h2-download[.]pro and ms-25h2-update[.]pro. The malware campaign employs geofencing to selectively target victims, redirecting security researchers to benign sites while delivering malware to unsuspecting users. The malicious file, named ms-update32.exe, is hosted on GitHub and mimics the size of a legitimate Windows installer. Once executed, it checks for monitoring tools and, if none are detected, installs an application named "Lunar" that collects sensitive data, including cryptocurrency wallet information. The malware maintains persistence by writing data to the Windows registry and employs various obfuscation techniques to evade detection. The attackers run parallel ad campaigns with different Facebook Pixel IDs to ensure continued operation even if one is suspended. Indicators of compromise include specific file hashes, domains, file system artifacts, and registry keys associated with the malware.

Tech Optimizer

February 19, 2026

How to Install McAfee Antivirus on Windows 11 or 10

Installing third-party antivirus software like McAfee on Windows 11 can be challenging due to the built-in Windows Security, which can complicate the installation process. Users may face issues such as silent failures from conflicting software, permission problems on restricted machines, or restrictions due to S Mode on new laptops. Windows 11 includes Windows Security, which is effective for malware protection, but McAfee may be necessary for compliance, additional features, or centralized protection for multiple devices. McAfee supports Windows 11 Home, Pro, and Education editions but not Enterprise. The minimum hardware requirements include a processor of 1 GHz or faster, at least 2 GB of RAM (4 GB recommended), 1.3 GB of free disk space, an internet connection for download and updates, and a display resolution of at least 1024×768. McAfee requires a persistent internet connection for activation and updates. Before installing McAfee, users should check if their device is in S Mode, as McAfee cannot be installed in this mode. They must remove any existing antivirus software completely, as leftover files can interfere with the installation. Users should also ensure that Windows 11 is up to date and verify that there is enough disk space available. To download McAfee, users should go directly to the McAfee trial page to avoid scams. After downloading, they need to run the installer and restart their computer after installation. Users should then activate McAfee, run a manual update, and conduct a full system scan. Common installation problems include freezes during download, errors due to S Mode, and issues with Windows Security not recognizing McAfee as the active antivirus. Users can verify that McAfee is functioning correctly by checking the system tray icon, Windows Security settings, and the McAfee dashboard. To uninstall McAfee, users should go to Settings > Apps > Installed Apps, select McAfee, and follow the prompts to remove it. After uninstallation, Windows Security will reactivate automatically. McAfee offers several plans for Windows users, including Basic, Essential, Premium, and Advanced, each with different features and device limits. The Basic plan is suitable for single-device users without additional needs, while families may benefit from the Essential or Premium plans.

AppWizard

January 31, 2026

Google takes down an invisible network that was secretly using your phone’s internet

Google has dismantled the IPIDEA residential proxy network, which had exploited millions of devices for cybercrime. This operation resulted in the liberation of approximately nine million Android devices and the removal of hundreds of compromised applications. IPIDEA's infrastructure was integrated into various software development kits (SDKs), allowing it to covertly enlist devices into its proxy pool. Google updated its Play Protect system to identify and eliminate affected applications and collaborated with partners to disrupt the network's underlying systems. The efforts led to a significant decrease in hijacked devices available for exploitation.

Tech Optimizer

January 26, 2026

AlloyDB managed connection pooling

AlloyDB for PostgreSQL is a fully managed database service designed for enterprise workloads, combining PostgreSQL's strengths with Google Cloud technology for enhanced performance, scalability, and availability. A new feature, managed connection pooling, addresses the challenges of inefficient database connection management, which can lead to performance degradation, resource exhaustion, and reliability issues. Managed connection pooling maintains a cache of active database connections, allowing applications to reuse connections instead of creating new ones for each request, thus reducing latency and resource consumption. This feature is tightly integrated into AlloyDB, simplifying operations and optimizing performance and security. It offers two configurable pooling modes: transaction mode, which maximizes reuse for short transactions, and session mode, which maintains a connection for the entire session. Enabling managed connection pooling can increase transactions per minute by up to five times, support over three times more concurrent connections, decrease connection latency, and improve reliability during traffic spikes. UKG, a provider of HR solutions, has adopted this feature to enhance the performance and scalability of their applications. To enable managed connection pooling, users can activate it in the Google Cloud console and connect applications using standard PostgreSQL drivers to the designated port.

Winsage

December 18, 2025

China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware

A newly identified cyber threat cluster called LongNosedGoblin has been linked to cyber espionage attacks targeting governmental entities in Southeast Asia and Japan, with activities traced back to at least September 2023. The group uses Group Policy to spread malware and employs cloud services like Microsoft OneDrive and Google Drive for command and control. Key tools include NosyHistorian, NosyDoor, NosyStealer, NosyDownloader, and NosyLogger, which perform functions such as collecting browser history, executing commands, and logging keystrokes. ESET first detected LongNosedGoblin's activities in February 2024, identifying malware on a governmental system. The attacks showed a targeted approach, with specific tools affecting select victims. Additionally, a variant of NosyDoor was found targeting an organization in an EU country, indicating a possible connection to other China-aligned threat groups.

Tech Optimizer

December 18, 2025

Chinese hackers fake Teams downloads in false flag ploy

A cybersecurity investigation by ReliaQuest has revealed that a Chinese state-linked hacking group, Silver Fox (also known as Void Arachne), is using search engine optimization tactics to create a counterfeit Microsoft Teams download site at "teamscn[.]com." This site targets Chinese-speaking users and employs a typo-squatting strategy. Victims attempting to download the software receive a trojanized installer labeled "Setup.exe," which checks for the presence of antivirus software and executes obfuscated PowerShell commands to modify Windows Defender exclusion lists. The malware also drops a file named "Verifier.exe" and installs a functional version of Microsoft Teams to disguise its activities. The compromised system communicates with the domain "Ntpckj[.]com" to deliver the ValleyRAT payload, allowing remote access for data exfiltration and command execution. Silver Fox is linked to both state-sponsored espionage and financially motivated activities, having previously conducted similar SEO poisoning campaigns. The campaign primarily targets Chinese-speaking personnel in global organizations, particularly those with ties to China, and poses a significant risk to organizations lacking robust security measures. Security teams are advised to enhance logging and monitoring practices to detect suspicious activities.

Winsage

December 4, 2025

The first building blocks of an agentic Windows OS

Microsoft is introducing an MCP registry to Windows, enhancing security with protective wrappers and providing local agents with discovery tools. A proxy will enable connectivity for local and remote servers, ensuring robust authentication, auditing, and authorization. Enterprises can control access to the MCP using group policies and default settings, allowing unique identities for connectors. The registration process for an MCP server has been simplified with MSIX packages, making installation more accessible. Developers must have NodeJS installed to use the MCP bundle (mcpb) package, which is built using an NPM package. This approach allows developers to incorporate the MCP server into their application’s installer as an MSIX file for easy distribution and installation.

Winsage

December 2, 2025

Microsoft Warns About New Experimental Feature in Windows – Jordan News | Latest News from Jordan, MENA

Microsoft has alerted Windows 11 users about a new experimental AI feature called the “Proxy Server,” introduced in build 26220.7262, which can be manually activated in the “AI Components” section. Users receive a cautionary message regarding the feature's experimental nature and potential impacts on device performance, including inaccuracies and unexpected behavior. The underlying language model is still in development, leading to risks of inaccuracies due to incomplete training data. Experts have raised concerns about vulnerabilities to cyber threats, with reports of cybercriminals exploring ways to exploit the AI features. The “Proxy Server” has default read and write permissions to critical user directories, raising security concerns. Microsoft plans to enhance security measures with more granular permission controls and advises that the feature should only be enabled by users aware of the associated risks.

Winsage

November 28, 2025

Microsoft gives Windows admins a legacy migration headache with WINS sunset

Many organizations using Windows Internet Name Service (WINS) do not actively leverage it for critical operations, and it often operates quietly in the background. WINS poses significant security risks due to design limitations, particularly its lack of a robust mechanism for authenticating name registrations, making it vulnerable to spoofing attacks. Attackers can register malicious entries, such as Web Proxy Auto-Discovery (WPAD) records, allowing them to intercept web traffic or redirect connections, which facilitates lateral movement within a network and threatens organizational security.