risk Archives

Winsage

March 5, 2026

Bitwarden now lets users log into Windows 11 using passkeys

Bitwarden has introduced a feature that allows Windows 11 users to log in using passkeys stored in their vaults, enhancing security by enabling phishing-resistant authentication at the operating system's login screen. Users can authenticate by scanning a QR code displayed on the Windows screen with the Bitwarden app on their mobile device, which verifies access to the stored passkey. This feature requires the Windows device to be joined to Microsoft Entra ID and for the organization to enable FIDO2 security key sign-in. Users must also register a passkey for their Entra ID profile stored in Bitwarden. The integration aims to improve security against cyber attacks targeting operating system authentication. Microsoft plans to roll out this passkey-based Windows login feature in March, depending on the organization's Microsoft Entra ID configuration, and it will be available across all Bitwarden plans, including the free tier.

AppWizard

March 4, 2026

Marathon feels like the yin to my Arc Raiders yang

In Arc Raiders, players can collaborate through features like proximity chat and shared objectives, while also facing formidable foes. The game emphasizes a relaxed atmosphere with opportunities for camaraderie among players. In contrast, Marathon fosters a competitive mindset, encouraging aggressive interactions and a focus on maximizing player-versus-player effectiveness. The first-person perspective in Marathon aligns with a competitive gameplay style, while the third-person viewpoint in Arc Raiders promotes social interaction and community engagement. Both games provide safety nets for players to recover lost resources, but they offer distinctly different experiences in terms of gameplay dynamics and player interactions.

AppWizard

March 4, 2026

Meet Vera Report, The App That Lets You Whistleblow Anonymously From a Smartphone Using Telegram Messenger

AlphaTON Capital Corp. and the Midnight Foundation have launched Vera Report, an anonymous reporting platform utilizing privacy-preserving blockchain technology and confidential computing for real-time reporting of fraud, waste, and abuse. A report by the Government Blockchain Association reveals an annual loss of billion to trillion due to federal fraud in the U.S. and highlights that whistleblower cases have recovered .3 billion under the DOJ’s False Claims Act in FY 2025. Despite potential savings of 0 billion from a 20% reduction in fraud, 31% of employees fear retaliation for reporting. Vera Report allows users to report fraud anonymously through a Telegram application, employing Zero-Knowledge Proofs, Confidential Computing, Blockchain Verification, Decentralized Storage, Automatic Metadata Stripping, and AI Credibility Assessment to protect submitters’ identities and improve reporting efficiency.

Winsage

March 4, 2026

PoC Exploit Released for Microsoft Windows Error Reporting ALPC Privilege Escalation

A proof-of-concept exploit for CVE-2026-20817, a local privilege escalation vulnerability in the Windows Error Reporting (WER) service, has been released by security researcher oxfemale on GitHub. This vulnerability allows low-privileged users to gain SYSTEM-level access through crafted Advanced Local Procedure Call (ALPC) messages. The flaw is located in the WER service's SvcElevatedLaunch method, which fails to validate caller privileges before executing WerFault.exe with user-supplied command line parameters. The CVSS v3.1 base score for this vulnerability is 7.8, indicating a high severity level. It affects unpatched versions of Windows 10, Windows 11, Windows Server 2019, and Windows Server 2022 prior to the January 2026 update. Demonstrations have shown successful exploitation on Windows 11 23H2. Security teams are advised to monitor for unusual processes related to WerFault.exe, investigate missing SeTcbPrivilege in SYSTEM tokens, and review WER-related activities from low-privilege users. Immediate application of the January 2026 security patches is recommended, and a temporary workaround involves disabling the WER service.

AppWizard

March 3, 2026

Should Marathon change its divisively fast Server Slam time-to-kill?

Marathon's four-day Server Slam concluded, with Bungie analyzing player feedback and statistics. A notable metric was the number of bottles of alien milk stolen from Tau Ceti. Bungie is considering changes to the time-to-kill (TTK) mechanics and the introduction of a duo queue, amidst divided community opinions on gameplay pace. The current TTK is fast, leading to quick eliminations, while the game's revive system allows teammates to bring back fallen players, affecting combat dynamics. Players are encouraged to be cautious and strategic due to the rapid pace and limited resources available during the Server Slam. Adjustments to TTK could disrupt the game's balance, and Bungie is monitoring feedback closely before the official launch.

AppWizard

March 3, 2026

Logitech G Study shows Esports enters its prime

A comprehensive study from Logitech G surveyed 18,000 individuals across 12 countries, revealing that nearly 8% of respondents globally would choose to pursue a career as a professional gamer if given the opportunity, surpassing traditional professions like politician (6%) and professional racer (5%). Among Generation Z, the desire to become a pro gamer rises to 15%. Two-thirds of Gen Z see esports as a legitimate professional career path, with 54% of all respondents considering esports a legitimate professional avenue. The global esports audience reached 611 million in 2024, projected to grow to 641 million by the end of 2025, with the industry valued at .1 billion and expected to reach .5 billion by 2030. Nearly half of Gen Z support adding esports to the Olympic Games, while 49% of Gen Z favor including esports in the main Olympics, compared to 21% of Baby Boomers. The 2024 League of Legends World Final attracted a peak global audience of 50 million, and over 62,000 spectators attended the 2025 Honor of Kings KPL Grand Finals in Beijing. Concerns about financial risk (42%), high competition levels (34%), and lack of support (31%) deter many from pursuing esports careers.

AppWizard

March 2, 2026

Best Secure and Encrypted Messaging Apps in 2026

Your text messages and calls can be intercepted by hackers, corporations, and government entities, putting your private information at risk. Corporations may use your messages for targeted advertising or sell your data, while hackers may exploit it for identity theft or fraud. Governments may monitor communications under the guise of national security. Secure messaging apps are essential to protect your communications, as many default options expose sensitive information through metadata or lack proper security. Signal is recognized as the most secure messaging app, offering end-to-end encryption, being open-source, and free of charge, though it requires a phone number for registration. Threema allows complete anonymity without data collection but has no free version. Telegram, while popular, has security concerns as not all communications are end-to-end encrypted by default. WhatsApp and Keybase are discouraged due to ownership issues affecting privacy. Characteristics to look for in a secure messaging app include end-to-end encryption, third-party testing, open-source code, self-destructing messages, and minimal user data collection.

Winsage

March 2, 2026

Still on Windows 10? That’s a security risk now

Microsoft Windows 11 Pro is available for .97, reduced from its regular price of 9, until March 8 at 11:59 P.M. Pacific. Windows 11 Pro includes enhanced security features such as TPM 2.0 support, BitLocker device encryption, Smart App Control, and Windows Sandbox. It also offers productivity tools like Hyper-V, Azure AD support, Snap layouts, and AI-assisted Copilot integration. Minimum system requirements for the upgrade include a 1 GHz or faster 64-bit processor, 4GB RAM, 64GB storage, UEFI firmware with Secure Boot, TPM 2.0, and DirectX 12 compatible graphics.

Winsage

March 2, 2026

RAT Malware Via Windows Explorer Puts Crypto at Risk

Cofense Intelligence reported that threat actors are exploiting Windows File Explorer and WebDAV servers to deliver Remote Access Trojans (RATs) to corporate systems, bypassing browser security measures. This method allows attackers to infiltrate machines without using web browsers, taking advantage of File Explorer's ability to connect to remote WebDAV servers. Despite WebDAV being deprecated by Microsoft in November 2023, it is still supported in Windows, creating a vulnerability. The campaigns began in February 2024, with a significant increase in September 2024, and 87% of these campaigns deliver multiple RATs, including XWorm, Async RAT, and DcRAT. Victims typically receive phishing emails disguised as invoices, containing URL or LNK shortcut files that initiate a WebDAV connection. The attacks often utilize Cloudflare Tunnel for hosting malicious WebDAV servers, making the traffic appear legitimate. Notably, 50% of affected campaigns are in German, while 30% are in English. The report emphasizes the risks posed to individuals holding digital assets, as RATs can access sensitive information, including crypto wallet files. Organizations are advised to monitor network traffic for Cloudflare Tunnel instances and educate users about the risks associated with File Explorer's capabilities.

Winsage

March 2, 2026

Fake Xeno and Roblox Utilities Used to Install Windows RAT, Microsoft Warns

Cybersecurity experts at Microsoft Threat Intelligence have identified a trend where attackers distribute counterfeit gaming tools that install a remote access trojan (RAT) on users' systems. These trojanized executables, such as Xeno.exe or RobloxPlayerBeta.exe, are shared through browsers and chat platforms. The initial executable acts as a downloader, installing a portable Java runtime environment and launching a harmful Java archive, jd-gui.jar. Attackers use built-in Windows tools to execute commands via PowerShell and exploit trusted system binaries, minimizing detection risk. The embedded PowerShell script connects to remote locations, downloads an executable as update.exe, and executes it. The malware erases evidence of the downloader and modifies Microsoft Defender settings to allow RAT components to function undetected. It establishes persistence through scheduled tasks and a startup script named world.vbs, enabling prolonged access to the compromised device. Microsoft Defender can detect the malware and its behaviors, and organizations are advised to monitor outbound traffic and block identified domains and IP addresses. Users are encouraged to scrutinize Microsoft Defender exclusions and scheduled tasks for irregularities and remain cautious about downloading tools from unofficial sources.