risk

Tech Optimizer
July 3, 2026
Cybercriminals are using a sophisticated method to bypass security measures by embedding malware within the VLC media player. This campaign exploits VLC to install ValleyRAT, a remote access trojan, through phishing emails that contain links to download a seemingly harmless file. Once the file is opened, it activates a hidden backdoor that evades detection by antivirus solutions. The malware has been active since 2023, with a significant increase in activity noted through 2025 and into 2026, particularly targeting Chinese and Japanese-speaking users. The infection process begins when a victim clicks a link in a phishing email, leading to a ZIP archive containing a disguised executable and a malicious DLL (libvlc.dll). The executable mimics a legitimate VLC file, and when executed, it loads the DLL, allowing the malware to run under the guise of VLC. The malware establishes persistence by creating a registry entry and connects to a remote server to retrieve the final payload. ValleyRAT employs evasion tactics to avoid detection, such as performing checks on system behavior and using a fileless approach to inject its payload directly into memory, avoiding storage on disk. Researchers recommend training employees to recognize suspicious filenames and deploying endpoint detection tools to identify DLL sideloading behavior. For organizations affected by this campaign, isolating compromised systems and reviewing security logs are critical initial steps. Indicators of compromise include a malicious email domain, a ZIP archive containing a fake VLC executable, and a download URL for ValleyRAT.
AppWizard
July 2, 2026
Robert Bowling, former strategist of the Call of Duty franchise, has co-founded a new studio called //18.bravo after the closure of his previous venture, Midnight Society, in 2025. The studio aims to foster a collaborative environment by aligning leadership compensation with employee success and introducing a royalty program for employees and profit-sharing with external talents. //18.bravo's debut project will not support live service models, focusing instead on creating a sustainable gaming experience with dedicated servers and optimized peer-to-peer architecture. This approach prioritizes longevity over immediate financial success, addressing gamer concerns about game shutdowns.
AppWizard
July 1, 2026
Kalshi has filed a federal lawsuit against the state of Illinois, challenging a law that imposes taxes and licensing requirements on sports-related trades in prediction markets. The lawsuit questions whether contracts traded on Kalshi's federally regulated exchange are classified as sports bets under state laws or as financial derivatives overseen by the Commodity Futures Trading Commission (CFTC). Illinois law categorizes prediction market operators as sports wagering businesses, imposing a 1.75% tax on the first five million sports wagers annually, increasing to 3.5% for wagers above that threshold, along with a costly licensing requirement. Kalshi argues that these state requirements are preempted by federal law and contends that its offerings are financial instruments, not traditional wagers. The dispute reflects a broader conflict between federal and state regulators regarding jurisdiction over prediction markets, with the CFTC previously filing a lawsuit against Illinois over similar regulatory issues. The outcome of this legal battle could have implications for the regulation of prediction contracts related to various events beyond sports.
Winsage
July 1, 2026
Microsoft Windows 11 Pro is available for .97, down from 9, as part of the Extended Deal Days event, valid until 11:59 p.m. PT today. Key features include BitLocker, Hyper-V, Windows Sandbox, and Azure AD Support. User experience enhancements include Snap Layouts, Copilot, DirectX 12 Ultimate, and Biometric Sign-In. The purchase is a one-time fee, and users should verify compatibility with Microsoft's PC Health Check app.
AppWizard
July 1, 2026
Google is rolling out a per-app backup feature for Pixel devices, allowing users to control which specific apps are backed up to the cloud. This feature can be accessed through Settings > Accounts and backup > Google Backup > Other device data, where users can see the top three apps consuming space and toggle backups on or off for each app. Users can also view the backup size for each app and manage apps that currently have no data backed up. This update aims to give users clearer visibility and control over their Google cloud storage.
Winsage
June 30, 2026
Security researcher Chaotic Eclipse, known as Nightmare-Eclipse, bypassed Windows 11's BitLocker security using a USB stick and claimed Microsoft intentionally included a backdoor in the feature. Microsoft responded by patching three zero-day exploits disclosed by Nightmare-Eclipse: YellowKey, GreenPlasma, and MiniPlasma, and is monitoring another exploit called RoguePlanet, cataloged as CVE-2026-50656. The RoguePlanet exploit is a race condition with varying success rates on different machines, achieving a 100% success rate on some devices. Microsoft acknowledged that while Windows 11's Defender is generally sufficient for most users, third-party tools can offer additional security features. Tensions between Nightmare-Eclipse and Microsoft have risen, with the company previously considering legal action but now indicating it will not pursue lawsuits against researchers sharing their findings.
Search