remote access

Winsage
May 21, 2026
In April 2026, two zero-day vulnerabilities, RedSun and UnDefend, were discovered in Microsoft Defender, affecting Windows 10, Windows 11, and Windows Server platforms. These vulnerabilities allow attackers to escalate privileges to SYSTEM and bypass Defender’s protections. RedSun exploits a flaw in Defender's remediation process, enabling low-privileged users to overwrite critical system files. UnDefend allows attackers to disrupt Defender’s updates, keeping it outdated and ineffective. Both vulnerabilities are actively being exploited, with attackers leveraging them to gain persistent access and deploy ransomware. The primary targets are organizations using Windows systems with Defender enabled, particularly in sectors like finance, healthcare, and government. Mitigation strategies include applying updates for related vulnerabilities, monitoring for suspicious activities, and implementing additional security measures.
Tech Optimizer
May 21, 2026
Avast has launched a new free modular platform called Avast One, which offers free antivirus and scam protection, allowing users to pay only for the features they choose to use. The platform includes a free tier with antivirus protection, scam protection, and web security, and users can add optional modules such as AI agent protection, a no-log VPN, data breach monitoring, and device cleanup. Avast One features a unified dashboard for easy management of security options, and it includes free services like a cleanup tool and BreachGuard for personal information protection. Premium features can be added for enhanced security, including scanning for suspicious emails and banking protection, as well as a VPN with a 60-day free trial.
Winsage
May 15, 2026
Windows systems are threatened by a vulnerability in the Windows DNS Client, identified as CVE-2026-41096, which allows remote code execution without user intervention. It has a CVSS base score of 9.8, indicating high severity. The flaw is a heap-based buffer overflow in the dnsapi.dll component, enabling unauthenticated remote attackers to execute arbitrary code. Exploitation requires sending a specially crafted DNS response to a vulnerable system, potentially leading to complete control over the host. Affected systems include supported versions of Windows 11 and Windows Server 2022/2025. Microsoft released security updates on May 12, 2026, and administrators are advised to apply these patches and reboot systems. Despite the severity, Microsoft currently classifies exploitation as “Exploitation Unlikely,” with no known public exploits or in-the-wild attacks.
AppWizard
May 12, 2026
Stop Killing Games has evolved from a grassroots initiative to a significant international player, with presentations at the European Parliament and collaborations with global NGOs expected by 2026. In April, the organization endorsed the Protect Our Games Act (AB 1921), which aims to require game developers to inform consumers of server shutdowns and provide options such as offline versions, patches, or refunds. Smaller game studios are adapting their titles to remain playable post-server closure, with examples including Lunarch Studios and 1047 Games. The Entertainment Software Association (ESA) opposes the bill, claiming it burdens developers, while Stop Killing Games clarifies that the legislation does not require perpetual server maintenance. Historically, the ESA has lobbied against measures to preserve game access, including opposing a DMCA exemption for libraries and museums. The ESA's concerns mirror those of Video Games Europe, warning that Stop Killing Games' demands could lead to unsafe content and financial burdens on developers.
Winsage
May 10, 2026
Between May 6 and May 7, 2026, the official JDownloader website was compromised in a supply chain attack, leading to the distribution of malicious installers for Windows and Linux users. Attackers altered download links, redirecting users to harmful files, specifically targeting the Windows “Alternative Installer” and the Linux shell installer. A Reddit user reported the issue after Microsoft Defender flagged the installers as malicious, noting unusual developer names instead of the expected publisher, AppWork GmbH. JDownloader developers confirmed the breach and temporarily took down the website for investigation, revealing that an unpatched vulnerability in the content management system allowed the attackers to modify download pages. The genuine installer packages were not altered, and the malicious links were removed. The website was restored on May 8–9, 2026, with verified clean installer links. Indicators of compromise included specific hashes and compromised URLs related to the attack.
AppWizard
May 8, 2026
OpenAI's Codex users have expressed a strong desire for enhanced functionality, particularly remote session control via ChatGPT on mobile devices, which is currently absent. Developers have voiced their frustrations on platforms like GitHub and Reddit, noting that competitors like Anthropic's Claude offer seamless remote access. Recent updates in version 1.2026.125 of the ChatGPT Android app suggest that the remote control feature for Codex is in development, with code indicating users will soon be able to access Codex on their desktops remotely, reconnect to sessions from mobile devices, and receive prompts for updates or restarts. The code also hints at functionalities like creating launcher shortcuts for Codex. While a fully operational preview is not yet available, early indications show that the integration of remote control for Codex is imminent. An APK teardown, however, only offers insight into potential features; there is no guarantee they will be included in a public release.
Tech Optimizer
May 6, 2026
The cost of AVG Internet Security includes a single-device plan starting at a specified amount for the first year, which then increases to a higher annual fee, and a multi-device plan for up to ten devices that starts at a different amount for the first year and rises to a specified annual fee thereafter. The multi-device option allows sharing among family members. AVG Internet Security adds five features to its free antivirus: password protection, webcam safeguards, monitoring for unauthorized file access, defense against malicious website redirects, and protection against remote desktop protocol attacks. It does not include a VPN, which requires an upgrade or separate purchase. The installation process is straightforward, with a user-friendly dashboard. Users can initiate scans easily and choose from various scan types. AVG excels in real-time protection, scanning files upon access and monitoring applications for unusual behavior, including ransomware protection. As of 2025, users must set their own scheduled scans. AVG offers a secure browser during installation and a data shredder feature, though its effectiveness may vary. Customer support includes online chat, phone assistance, and comprehensive support pages. AVG Internet Security has received high marks for performance, detecting 100% of threats in controlled tests while minimally impacting system resources during regular use.
Winsage
May 5, 2026
Microsoft's Defender anti-malware tool update version 1.449.425.0 removed two DigiCert root digital certificates, leading to false positives that flagged them as severe malware (Trojan:Win32/Cerdigent.A!dha). This incident was later identified as a false positive, and updating to version 1.449.430.0 or later reinstates the certificates. The issue may be linked to a DigiCert employee encountering disguised malware. Additionally, Windows updates from April 14 caused third-party backup applications to malfunction due to the addition of vulnerable psmounterex.sys kernel driver versions to a blocklist. Users experienced difficulties with mounting backup image files, and Microsoft referenced a vulnerability rated 9.3 out of 10 in the driver. Other affected software includes Acronis Cyber Protect Cloud and UrBackup server. Microsoft has not explained the delay in adding the vulnerable driver to the blocklist, and other recent update-related issues have also been reported.
AppWizard
May 4, 2026
Australian police officers can potentially be tracked through publicly available Bluetooth applications due to a design flaw in tasers and body-worn cameras manufactured by Axon. A hacker demonstrated this vulnerability by using Android apps to detect nearby Bluetooth devices, revealing the location of police equipment, including model and serial numbers. The flaw arises from the failure to implement MAC address randomization, which could enhance security. The hacker developed software capable of tracking devices from over 400 meters away, raising concerns about the potential for criminal activities targeting police. Despite warnings to various police agencies, responses indicated confidence in existing security measures, although similar risks have been noted in the US, leading to the cessation of Axon body camera use by US Border Patrol agents. The vulnerability is considered a hardware-level issue, requiring significant redesign efforts from Axon to address it.