registry changes

Winsage
November 25, 2025
Cybersecurity experts have identified a new campaign that combines ClickFix tactics with counterfeit adult websites to trick users into executing harmful commands under the guise of a "critical" Windows security update. This campaign uses fake adult sites, including clones of popular platforms, as phishing mechanisms, increasing psychological pressure on victims. ClickFix-style attacks have risen significantly, accounting for 47% of all attacks, according to Microsoft data. The campaign features convincing fake Windows update screens that take over the user's screen and instruct them to execute commands that initiate malware infections. The attack begins when users are redirected to a fake adult site, where they encounter an "urgent security update." The counterfeit Windows Update screen is created using HTML and JavaScript, and it attempts to prevent users from escaping the alert. The initial command executed is an MSHTA payload that retrieves a PowerShell script from a remote server, which is designed to deliver multiple payloads, including various types of malware. The downloaded PowerShell script employs obfuscation techniques and seeks to elevate privileges, potentially allowing attackers to deploy remote access trojans (RATs) that connect to command-and-control servers. The campaign has been linked to other malware execution chains that also utilize ClickFix lures. Security researchers recommend enhancing defenses through employee training and disabling the Windows Run box to mitigate risks associated with these attacks.
Winsage
October 16, 2025
Microsoft has acknowledged a significant issue affecting Windows Server 2025 systems, particularly after the installation of the October 2025 security updates. This issue disrupts Active Directory directory synchronization, especially impacting organizations with large security groups exceeding 10,000 members. The synchronization failures affect applications relying on DirSync for on-premises Active Directory Domain Services and particularly impact those using Microsoft Entra Connect Sync to link on-premises directories with cloud services. The problem was first noted on October 14, 2025, after the installation of the September 2025 Windows security update (KB5065426). A temporary workaround involves modifying the Windows registry by creating a DWORD value named 2362988687 with data 0 under the FeatureManagement\Overrides key in HKEY_LOCAL_MACHINE. Microsoft cautions that incorrect registry changes can lead to severe complications. There is no definitive timeline for a permanent fix, and the issue is limited to Windows Server 2025, with no similar problems reported for earlier server editions or client versions of Windows. Organizations using Windows Server 2022 or older are unaffected. Administrators should assess synchronization needs before deploying the October 2025 updates and monitor for updates regarding a permanent resolution.
Winsage
August 22, 2025
The Linux community faces challenges when certain applications are only available on Windows, despite solutions like Wine and virtual machines. A new approach using dedicated hardware instead of virtualization has emerged. The author received a Surface Laptop 2 that appeared non-functional until the keyboard was removed, at which point it turned out to work. While transitioning Windows installations from VirtualBox to KVM, the author discovered WinApps, a script that allows Windows applications to run on a Linux desktop via a virtual machine. However, this setup caused performance issues due to constant disk activity. The author experimented with connecting WinApps to a physical Windows machine on the network, successfully running Windows software directly on their desktop. The setup required executing an installation script on the Windows machine and making registry changes to enable RDP applications. Minor hurdles included compatibility issues with a dual-monitor setup and user permission bugs. Ultimately, Microsoft Word ran smoothly on the author's KDE desktop, demonstrating the potential for utilizing older computers for occasional tasks.
Winsage
July 9, 2025
The Windows registry is a crucial part of Microsoft's operating system, recording various system operations. Users can modify the registry through the Registry Editor to enhance performance and user experience, but must do so cautiously to avoid system issues. To take ownership of files, users can add a "Take Ownership" option to the context menu by creating a .reg file. To restore the old Windows 10 context menu in Windows 11, a new key can be added in the Registry Editor. Power throttling can be disabled by creating a new key and DWORD value in the Registry Editor, improving performance for desktop users. Users can disable the Copilot feature by creating a specific key and DWORD value in the Registry Editor. To reduce telemetry data collection, a DWORD value can be set to 0 in the Registry Editor. It is recommended to back up files and create a Restore Point before making any registry changes, and to test risky tweaks on a virtual machine or secondary device.
Tech Optimizer
June 17, 2025
Threat actors are using a fileless variant of AsyncRAT, targeting German-speaking individuals with a deceptive verification prompt. This prompt misleads users into executing harmful commands. The malware employs obfuscated PowerShell scripts to operate in memory without creating files on disk, complicating detection by antivirus solutions. The attack begins with a fake verification page prompting users to click "I’m not a robot," which copies a malicious command to the clipboard. This command uses conhost.exe to run a hidden PowerShell instance that retrieves a payload from a remote server. The malware establishes a connection to a command-and-control server and maintains persistence through registry keys, enabling remote control and data exfiltration. Key tactics include stealth execution, in-memory C# compilation, and TCP-based communication over non-standard ports. The campaign has been active since at least April 2025. Indicators of Compromise (IOCs) include:
- IP: 109.250.111[.]155 (ClickFix delivery)
- FQDN: namoet[.]de (ClickFix / C2 server)
- Port: 4444 (TCP reverse shell listener)
- URL: hxxp[:]//namoet[.]de:80/x (PowerShell payload)
- Registry (HKCU): SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\windows (persistence on boot)
- Registry (HKCU): SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\win (holds the obfuscated command)
Winsage
February 19, 2025
The Windows Registry Editor is accessed by pressing Win+R, typing regedit, and confirming with “OK.” The registry hive files are located in “C:\Windows\System32\config” and user-specific hives in “C:\Users\[username].” The five main branches of the registry are:
- HKEY_CURRENT_USER: Configuration settings for the current user.
- HKEY_LOCAL_MACHINE: Global settings for all users, requiring administrative rights for changes.
- HKEY_USERS: Contains user IDs for system profiles.
- HKEY_CLASSES_ROOT: Manages file name extensions and program shortcuts.
- HKEY_CURRENT_CONFIG: Links to keys under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current.
Users can create subkeys and values, which can be of different types. To modify the registry, select a key, use the “New” context menu, and double-click a value to edit it. Creating a backup of the registry is recommended before making changes, which can be done using the Registry Backup Portable tool. To restore the registry, select the most recent backup and click “Restore Now.” Microsoft’s Process Monitor can be used to analyze registry values by filtering for “RegSetValue” and tracking changes. Certain registry values are restricted from modification for security reasons, such as the “widgets” feature in Windows 11. However, methods like batch files and PowerShell scripts can override these protections. Windows transmits diagnostic data to Microsoft, impacting user privacy. Tools like O&O ShutUp10 and W10Privacy help manage telemetry settings.
Winsage
October 17, 2024
Users are experiencing system crashes and Blue Screens of Death (BSOD) linked to the Windows 11 24H2 update, particularly affecting Western Digital SSD models SN770 and SN580. Reports of increased crashes began over a week ago after the update was installed. Users have identified a common error message: "The driver detected a controller error on \Device\RaidPort1." A temporary workaround involving registry changes has been proposed by a community member, although no official response from Western Digital or Microsoft has been provided. Both companies are aware of the issue and are expected to release patches and firmware updates.
Winsage
October 5, 2024
Microsoft introduced stringent hardware compatibility requirements with the launch of Windows 11 in 2021, requiring a compatibility appraiser to assess hardware for upgrade eligibility. If a CPU is unsupported or if a PC lacks a Trusted Platform Module (TPM) version 2.0, the upgrade is halted. Two methods to bypass these restrictions have emerged: one involves a registry modification for corporate clients with TPM enabled, while the other uses a hack to replace the compatibility appraiser module with a zero-byte file, facilitated by the Rufus utility. However, a recent update with Windows 11 version 24H2 disrupted the Rufus method, leading to error messages during upgrades. Rufus developer Pete Batard provided a workaround involving specific registry commands to allow successful upgrades. Systems with TPM and UEFI/Secure Boot can upgrade easily, while older hardware without TPM or using Legacy BIOS faces significant challenges. Feedback from users experiencing issues is encouraged for documentation and resolution.
Winsage
June 15, 2024
To restore the old File Explorer in Windows 11, users can make changes in the registry using a specially crafted reg file. This will bring back the old File Explorer with its Ribbons, fewer bugs, and better performance.