security alert

AppWizard
November 26, 2025
Hundreds of Android applications have been compromised by SlopAds ad fraud malware, leading to their removal from the Google Play Store. A total of 224 apps were identified, collectively downloaded over 38 million times. The malware employs techniques like steganography to hide its activities and redirect users to malicious sites. Google has removed all identified malicious apps and will alert users to uninstall them. Android users are advised to activate Google Play Protect for enhanced security. The ad fraud undermines the integrity of legitimate advertisers and developers.
Winsage
November 2, 2025
Flyoobe is a third-party tool that helps users upgrade to Windows 11 on unsupported systems by bypassing system requirements and offering customization options. It allows users to remove AI functionalities and unwanted applications. However, there is a security concern regarding a potentially harmful version of Flyoobe being circulated from an unofficial site, flyoobe.net, which the developer warns may contain malware. Users are advised to download Flyoobe only from the official GitHub releases to ensure safety.
Winsage
October 21, 2025
Microsoft is preparing to release an emergency update in response to significant disruptions caused by the recent Windows 11 update, KB5066835, which introduced critical bugs affecting many devices. Users have reported issues such as failing localhost HTTP/2 connections, locally hosted applications being unable to connect to the network, malfunctioning Logitech hardware, a non-responsive mouse and keyboard in the Windows Recovery Environment, and File Explorer documents failing to open in the Preview pane due to a false security alert. Microsoft is working on a patch and advises users to check for updates, which may take up to 48 hours to be available to all. Windows 11 now holds nearly 50% of the market share, while Windows 10, which is unsupported, has a 40% market share.
Winsage
October 18, 2025
Microsoft has acknowledged that the Windows 11 update KB5066835 is causing significant disruptions, particularly affecting localhost (127.0.0.1) HTTP/2 connections, preventing locally hosted applications from connecting to the network. Installation of the October 2025 Patch Tuesday update may fail due to error codes including 0x800f0922, 0x800f0983, 0x800f081f, 0x80071a2d, and 0x800f0991. A bug is obstructing File Explorer's document previews in the Preview pane, citing security concerns. Compatibility issues have arisen with certain Logitech peripherals, rendering them non-functional, and users are reporting unresponsive mouse and keyboard inputs in the Windows Recovery Environment (WinRE). Despite being a mandatory security update, KB5066835 has introduced features like repositioning on-screen volume indicators and enhancing File Explorer's context menu loading speed, but these enhancements have disrupted critical functionalities. Microsoft is rolling out an emergency patch to resolve localhost-related problems, which may take over 48 hours to appear. A workaround for localhost issues involves modifying the Windows Registry to disable HTTP/2. File Explorer's preview issue can be addressed by unblocking files using PowerShell or modifying the registry. Logitech's specialized features have stopped working for some users, and keyboard and mouse inputs are unresponsive in WinRE after the update. Users can disable WinRE and replace the WinRE image as a potential fix, but this is recommended only for IT administrators.
AppWizard
October 10, 2025
Security experts warn Android users about the Mobdro Pro IP TV Plus VPN app, which is not available on the Google Play Store and may contain malware called Klopatra. This malware can compromise bank accounts and take control of devices. The app has been linked to thousands of compromised devices, primarily in Italy and Spain, since its emergence in late August. Users are advised to delete this app if installed.
Winsage
September 30, 2025
Google has introduced a pop-up ad on its homepage promoting the Chromebook Plus as a more secure alternative to Windows 10, which is set to reach its end-of-life (EOL) on October 14, 2025. The ad suggests that using Windows 10 may be like dealing with a “virus” and emphasizes that security fixes for the operating system will cease this October. The ad includes a link to Google’s “Switch to Chromebook” page, which highlights the Chromebook's security and simplicity, and reassures users that they can access Microsoft 365 applications on Chromebooks. Google holds nearly 80% of the search engine market share and has previously targeted Microsoft products through advertising.
Tech Optimizer
September 21, 2025
EDR-Freeze is a proof-of-concept tool developed by Zero Salarium that can place Endpoint Detection and Response (EDR) and antivirus solutions into a suspended state. It utilizes the MiniDumpWriteDump function from the Windows DbgHelp library to achieve this by extending the suspension of target processes. The tool circumvents the Protected Process Light (PPL) security feature using WerFaultSecure.exe, which operates at a high privilege level. By launching WerFaultSecure.exe with specific parameters, EDR-Freeze can monitor and suspend it, preventing the target EDR or antivirus process from resuming. A test on Windows 11 24H2 successfully suspended the MsMpEng.exe process of Windows Defender. Detecting this technique involves monitoring for unusual executions of WerFaultSecure.exe targeting sensitive process IDs.
AppWizard
June 17, 2025
A new strain of malware called "Crocodilus", designed to steal funds, is targeting Android users. It spreads through advertisements on social media that entice users to download an app with promises of rewards. Once installed, the malware can modify the user's contact list, adding numbers under trustworthy names like "Bank Support" to deceive victims. Security experts from ThreatFabric warn that this malware represents a significant threat and recommend that users download apps only from trusted sources like the Google Play Store and verify app developer credentials and user reviews before installation.
Winsage
April 13, 2025
Microsoft addressed over 120 vulnerabilities during its April 2025 Patch Tuesday, including a critical zero-day vulnerability (CVE-2025-29824) that is actively exploited. WinRAR users are urged to update to version 7.11 due to a vulnerability (CVE-2025-31334) that allows attackers to bypass Windows' Mark of the Web security feature. Chief Information Security Officers (CISOs) are experiencing security platform fatigue due to the proliferation of multiple security tools. President Donald Trump signed an Executive Order revoking security clearances for Chris Krebs and his colleagues at SentinelOne. Cyber crisis simulations are becoming essential for organizational preparedness against evolving cyber threats. Fortinet has released patches for vulnerabilities, including a critical flaw (CVE-2024-48887) in FortiSwitch appliances. WhatsApp users should update their Windows client app to fix a vulnerability (CVE-2025-30401) that could allow harmful code execution. Kevin Serafin, CISO at Ecolab, discussed aligning security initiatives with business objectives. There is a rise in compromised large language model (LLM) attacks and risks associated with AI autonomy. New open-source tools like the YES3 Scanner and APTRS have been developed to enhance security capabilities. The cybersecurity job market remains strong, with increasing demand for skilled professionals.