
Winsage
June 25, 2026
Component Object Model (COM) is a technology in Windows that enables object activation, inter-process communication, and automation across different programming languages. Malware exploits COM interfaces for activities such as lateral movement, execution, downloading, exfiltration, persistence, evasion, system discovery, and automation of Windows and Office functionalities. Reverse engineering COM-heavy binaries involves navigating GUIDs and indirect vtable calls to understand malware mechanics. Research at the AVAR 2025 conference and CARO 2026 workshop discusses methodologies for analyzing COM binaries and case studies of malware families that utilize COM.
COM is an application binary interface (ABI) model that allows software components to be reused and enables interaction between different programming languages through interfaces defined at the binary level. Distributed COM (DCOM) allows clients to activate COM objects on remote systems. COM classes are identified by unique class identifiers (CLSIDs), and interfaces by interface identifiers (IIDs). The Windows registry stores COM registration data, with classes and interfaces located under specific keys. Malware often acts as a COM client, utilizing the COM runtime to instantiate classes and request interfaces. ProgIDs provide human-readable registry entries for COM classes. The CoCreateInstance function helps create class objects by resolving CLSID registrations. All COM interfaces derive from IUnknown, which manages object lifetimes and interface querying. COM has its own security model, and identifying classes and interfaces used by malware is crucial for threat researchers.
Tools like ComView and OleView.NET assist in inspecting COM registrations. The analysis workflow includes identifying activation API calls, extracting CLSID and IID values, consulting registry definitions, and mapping vtable calls.
Qakbot, a banking trojan, exemplifies the use of COM in malware, with its architecture enabling malicious activities like credential theft. Dynamic analysis tools can log COM-related calls in real-time to trace execution flow. Notable malware families that utilize COM include Gh0stRAT, which uses Task Scheduler COM interfaces, and the Attor platform, which employs BITS for file transfers. WarmCookie demonstrates the use of COM for persistence through Task Scheduler. Understanding COM's role in malware is essential for cybersecurity professionals.
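The "extracting CLSID and IID values" step of the workflow above, sketched as an added example (not code from the summarized research): GUIDs sit in a binary as 16 raw bytes with the first three fields little-endian, so they must be decoded before they match a registry key. The identifier table uses the Windows SDK values for the Task Scheduler and BITS services named above, the registry roots are the standard `HKEY_CLASSES_ROOT\CLSID` and `HKEY_CLASSES_ROOT\Interface` keys, and the sample buffer is constructed.

```python
import uuid

# Windows SDK identifiers for the two COM services the summary names
# (Task Scheduler, BITS). Extend the table from SDK headers or the registry.
KNOWN_GUIDS = {
    "0f87369f-a4e5-4cfc-bd3e-73e6154572dd": "CLSID_TaskScheduler",
    "2faba4c7-4da9-4013-9697-20cc3fd40f85": "IID_ITaskService",
    "4991d34b-80a1-4291-83b6-3328366b9097": "CLSID_BackgroundCopyManager",
    "5ce34c0d-0dc9-4c1f-897c-daa1b78cee7c": "IID_IBackgroundCopyManager",
}

def guid_from_raw(raw: bytes) -> str:
    """Decode 16 bytes as laid out in memory: Data1-3 little-endian, Data4 as-is."""
    if len(raw) != 16:
        raise ValueError("a GUID is exactly 16 bytes")
    return str(uuid.UUID(bytes_le=raw))

def find_known_guids(blob: bytes, known=KNOWN_GUIDS):
    """Return sorted (offset, '{GUID}', name) for every known GUID found in blob."""
    hits = []
    for text, name in known.items():
        needle = uuid.UUID(text).bytes_le  # in-binary byte order
        pos = blob.find(needle)
        while pos != -1:
            hits.append((pos, "{" + text.upper() + "}", name))
            pos = blob.find(needle, pos + 1)
    return sorted(hits)

def registry_path(guid_braced: str, name: str) -> str:
    """Registry key to consult next: interfaces and classes live under different roots."""
    root = "Interface" if name.startswith("IID_") else "CLSID"
    return "HKEY_CLASSES_ROOT\\" + root + "\\" + guid_braced

# Constructed sample: padding plus two GUIDs as a compiler would emit them in .rdata.
SAMPLE = (b"\x00" * 8
          + uuid.UUID("0f87369f-a4e5-4cfc-bd3e-73e6154572dd").bytes_le
          + b"\xcc" * 4
          + uuid.UUID("2faba4c7-4da9-4013-9697-20cc3fd40f85").bytes_le)

if __name__ == "__main__":
    for off, guid, name in find_known_guids(SAMPLE):
        print(f"0x{off:04x}  {guid}  {name}  ->  {registry_path(guid, name)}")
```

A CLSID/IID pair found near an activation call such as CoCreateInstance tells the analyst which interface definition to apply when labelling the indirect vtable calls that follow.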
AppWizard
June 25, 2026
The 30th anniversary of Quake on June 22, 2026, led to reflections from its creators, particularly Sandy Petersen and John Carmack. Petersen stated, "Quake ruined id Software," acknowledging the game's achievements but highlighting the intense workload that drained the team. Carmack described the project as "overly ambitious technically" and admitted to pushing the team too hard, recognizing the need for a more balanced approach to ownership and work environment. He noted that the original corporate stock arrangement created poor incentives. Petersen mentioned that working in a large room eliminated spaces for relaxation, contributing to team stress. John Romero echoed these sentiments, reflecting on the culture at id Software and praising designer American McGee's contributions. The founders recognized their past mistakes while appreciating the legacy of their work, with id Software continuing to thrive with franchises like Wolfenstein, Doom, and Quake.
Winsage
June 24, 2026
Microsoft has announced the upcoming release of Windows 11 version 26H2, which will follow versions 25H2 and 24H2, all built on the same platform from 2024. Version 26H2 will not introduce significant changes compared to version 25H2, as it shares the same feature set. Users on Windows 11 version 26H1, which is tailored for Qualcomm Snapdragon X2 and NVIDIA RTX Spark devices, will not be able to upgrade to 26H2 this fall. An upgrade path for 26H1 users to version 27H2 may be available by the end of next year. The exact launch date for version 26H2 has not been specified, but it is expected to roll out towards the end of September or into October.
AppWizard
June 23, 2026
Skillwood is a newly released free game on Steam, described as a "relaxing woodcutter simulator" with straightforward mechanics that have earned it a 100% rating from players. Developed by sshulin, the game involves chopping wood, mining stone, and trading with NPCs while managing stamina, which can be replenished by upgrading the campfire or foraging for berries. Players can explore and construct bridges and ladders to access new areas, enhancing resource-gathering. The game is designed for casual play and offers a mental escape, with players able to complete all objectives in approximately 40 minutes. Skillwood is free-to-play, as the developer chose not to implement a pay-to-play model or cosmetic DLC.
Winsage
June 22, 2026
Microsoft Edge is set to retire the Edge Drop feature, which allowed users to send messages, files, and photos to themselves within a single thread. The feature will be discontinued as part of a strategy to prioritize artificial intelligence capabilities in the browser. Edge Drop has been integrated into the Sidebar of Edge on desktop and has not seen widespread adoption, with users potentially turning to alternatives like WhatsApp or Telegram for similar functionality. Users can still access their files through OneDrive after the Drop feature is phased out.
Winsage
June 21, 2026
Microsoft has confirmed the upcoming Windows 11 26H2 feature update, set to roll out in fall 2026, likely in October. This update will not be a major overhaul and will utilize an enablement package (eKB) for installation, similar to the previous Windows 11 25H2 version. The last major update was the 24H2 version, released on October 1, 2024, while 25H2 launched in 2025 and reset the OS life cycle, extending support by an additional year. Support for Windows 11 24H2 ends on October 13, 2026, and support for 25H2 ends on October 12, 2027. Windows 11 26H2 will be supported until October 2028 for Home, Pro, Pro EDU, and Pro for Workstations editions, and until October 2029 for Enterprise, Education, or IoT Enterprise editions. Devices running Windows 11 24H2 or 25H2 will transition to 26H2 without new hardware requirements, maintaining specifications of 4GB RAM, 64GB storage, and a 1GHz or faster 64-bit dual-core processor. Windows 11 26H1, another update, requires new silicon but does not introduce exclusive features. Major changes will be delivered through monthly cumulative updates rather than annual feature updates.
AppWizard
June 21, 2026
The LEGO Minecraft Creeper set has sold 6,000 units in one month on Amazon and has a 4.9-star rating from nearly 1,800 reviews. It consists of 665 pieces, features a large, poseable figure over 8 inches tall, and includes articulated legs and a detachable head with a hidden compartment containing a first-version Creeper minifigure and a TNT element. Targeted at ages 10 and up, it offers a mid-range building experience without lengthy assembly times. The set serves as room decor and is part of the LEGO Minecraft collection. It is currently priced at a significant discount, marking its lowest price on Amazon, with the platform absorbing most of the margin.
Winsage
June 21, 2026
The expiration of Microsoft's Secure Boot 2011 certificates on June 24 will not prevent older Windows PCs from booting, as confirmed by Microsoft. Devices will continue to operate normally, but they will miss future boot-level security updates, including updates to the Windows Boot Manager and mitigations for newly identified vulnerabilities. The ability to receive the Secure Boot 2023 update depends on the device firmware's compatibility, with many manufacturers, including Dell, HP, Lenovo, and ASUS, having cutoffs for BIOS updates based on the device's End of Service Life. Older PCs using Legacy BIOS or Compatibility Support Module (CSM) mode do not utilize UEFI Secure Boot, making the update irrelevant. Users running Windows 11 on unsupported hardware may have Secure Boot disabled or improperly configured. Without the 2023 certificates, devices cannot receive future revocation updates to the Secure Boot DBX, which lists compromised bootloaders. Users on Windows 10 with supported OEMs may receive the update if a compatible BIOS is available, while those on older PCs without updates can continue using their devices but will lack future security updates. The Secure Boot status can be checked through the Windows Security app, with color-coded badges indicating the status of the certificates.