research

Winsage
June 12, 2026
OnyxC2 is a sophisticated credential stealer available for a subscription fee of 0 per month, distributed through disguised lures such as fake Windows updates and legitimate software installers. It functions as a commercial product with features like an automated payload builder, tiered licensing, and a centralized web dashboard. The malware boasts a 99% detection-evasion rate, successfully evading major antivirus solutions during tests. It is developed in C++, utilizing direct system calls and mutating with each build to avoid detection. OnyxC2 collects data from around 210 applications, targeting 45 web browsers, password managers, cryptocurrency wallets, and FTP clients. The malware is delivered using DLL sideloading, where a password-protected archive contains a legitimate application and a malicious DLL. The attacker's DLL is disguised by inflating its size and is loaded by a trusted binary. The malicious code remains encrypted on disk and decrypts in memory to evade analysis. OnyxC2 communicates with a Cloudflare-fronted command-and-control server to manage infected hosts and execute commands like hardware registration and cookie uploads. The threat extends to business environments, targeting FTP and email clients, with stolen session cookies allowing ongoing access to corporate infrastructure. Implementing anti-data exfiltration controls is recommended as a mitigation strategy.
Tech Optimizer
June 11, 2026
Antivirus software can become overwhelming for organizations due to alert fatigue shortly after deployment. Analysts often struggle to prioritize notifications, leading to the mismanagement of legitimate tools and unclear incident timelines. A review of nine antivirus solutions based on G2's Winter 2026 Grid® Report identified the following top performers:

1. ESET PROTECT: Best for machine learning-driven endpoint protection; offers enterprise-grade security with a free trial available.
2. Sophos Endpoint: Best for ransomware prevention; provides centralized policy control with a free trial available.
3. ThreatDown: Cost-effective EDR with MDR flexibility; combines antivirus and endpoint detection with a free trial available.
4. CrowdStrike Falcon: Best for large-scale enterprise threat prevention; cloud-native platform with subscription-based pricing and a free trial available.
5. Check Point Harmony Endpoint: Best for unified endpoint and zero-trust protection; integrates malware prevention and phishing defense with a free trial available.
6. Microsoft Defender for Endpoint: Best for Microsoft-native environments; deeply integrated with Microsoft 365, licensed through enterprise agreements.
7. Kaspersky AntiVirus: Best for traditional malware protection; provides real-time protection against various threats.
8. SentinelOne: Best for autonomous AI-driven endpoint response; features automated remediation and ransomware rollback with a free trial available.
9. FortiClient: Best for Fortinet-centric environments; offers VPN access and security policy enforcement with a free basic client available.

The analysis highlighted that effective antivirus solutions prioritize behavioral analysis over traditional signature-based detection, minimize false positives, and maintain low system impact during operation. Key factors for evaluating antivirus software include threat detection accuracy, centralized visibility, response capabilities, and deployment stability.
Tech Optimizer
June 11, 2026
EnterpriseDB (EDB) has reported a significant increase in global adoption of its EDB Postgres® AI (EDB PG AI) platform, indicating a trend among enterprises to standardize operations on a robust platform for managing mission-critical workloads. Research by MIT Technology Review Insights, in collaboration with EDB, shows that AI and data sovereignty are critical predictors of success in AI initiatives, with organizations prioritizing control over their data achieving a fivefold return on investment. The Industrial Bank of Korea (IBK) transitioned 15 core systems to EDB PG AI for greater operational flexibility and cost efficiency, reducing licensing costs compared to Oracle. Shinhan EZ Insurance migrated its entire core system to the public cloud to ensure uninterrupted service. Other enterprises leveraging EDB PG AI include MNTN, Euronext FX, and Kyobo Book Centre, which have benefited from enhanced stability, reduced vendor risk, and improved compliance. EDB is recognized as a leader in the field and will host a global digital event titled "The Era of Agentic AI Data" on June 25. EDB Postgres® AI is positioned as an open, enterprise-grade sovereign data and AI platform, supporting secure, compliant, and scalable solutions across various environments.
Winsage
June 10, 2026
Microsoft's latest Patch Tuesday addressed 198 security vulnerabilities, the most extensive update in recent memory. Among these, 32 flaws are classified as critical, and three are zero-day vulnerabilities. The updates are detailed in KB articles: KB5094126 for Windows 11 versions 24H2 and 25H2, KB5093998 for version 23H2, and KB5094127 for Windows 10. The updates will automatically download and install, but users must verify their installation status and reboot their computers for changes to take effect. The vulnerabilities addressed this month are attributed to advancements in artificial intelligence, with companies like Microsoft leveraging AI models to expedite the identification and resolution of security flaws. The three zero-day vulnerabilities include one that allows an attacker to gain Windows System privileges through a flaw in file link resolution, another that could facilitate a denial-of-service attack via an HTTP vulnerability, and a third related to a flaw in Windows BitLocker that could enable data capture from an unpatched PC. Additionally, the update introduces new features to Windows 11, including new Secure Boot certificates, a Low Latency Profile for enhanced performance, support for shared audio devices for multiple Bluetooth connections, webcam functionality across multiple applications, and the ability to assign a custom name to the user folder during setup.
Tech Optimizer
June 9, 2026
Tiger Data has launched a managed PostgreSQL database service called Ghost, designed for AI agents, addressing the limitations of traditional database architectures for autonomous software. The service is now generally available and allows agents to create unlimited databases quickly through a feature called "fast forking." Ghost utilizes Tiger Data's Fluid Storage technology, which employs a copy-on-write storage layer, enabling multiple database instances to share data blocks while charging users only for changed data. The service supports popular PostgreSQL extensions and is positioned as an evolution of PostgreSQL, maintaining its compatibility with the existing ecosystem. Tiger Data has raised 0 million in funding and employs 200 individuals across 25 countries.
Tech Optimizer
June 9, 2026
Tiger Data has launched Ghost, a database service designed specifically for AI agents, addressing the limitations of traditional databases in supporting AI-driven workflows. Ghost allows for isolated environments where agents can experiment without affecting shared resources, offering unlimited Postgres databases with rapid forking capabilities. It features a cost-effective per-query pricing model and includes a free tier with 100 compute hours per month and 1TB of storage. Ghost is compatible with various MCP-enabled agent harnesses and is built on Postgres, providing a familiar operational model for teams. Comprehensive documentation and deployment resources are available at tigerdata.com.