Security Archives

Tech Optimizer

June 9, 2026

I trusted Malwarebytes to secure my PC for a month

Malwarebytes is an effective antivirus solution that provides robust protection against cyber threats, identified and blocked threats efficiently during usage. The software features a user-friendly interface with a Dashboard that includes tools such as a system scanner, VPN, and Trusted Advisor, which assesses system security. The Privacy, Identity, Tools, and Scam Guard sections offer additional functionalities, including monitoring for data breaches and identifying fraudulent emails. Malwarebytes operates with minimal CPU resource usage while effectively blocking malware and phishing attempts. An independent evaluation by MRG Effitas confirmed its high performance, earning a Level 1 certification. Pricing for Malwarebytes Premium starts at an annual fee for the Standard plan, with additional options available.

Winsage

June 9, 2026

Microsoft Makes Windows 11 an Agentic Platform

Microsoft announced a suite of agent-centric features for Windows 11 at the Build 2026 conference, introducing the Microsoft Agent Platform for local AI agents. This includes enhanced integration with Microsoft Foundry, GitHub, and the M365 suite. The developer documentation covers local agent runtimes and isolation patterns, highlighting the Microsoft Execution Containers SDK and Entra Agent ID. Enterprise controls like Intune and Agent 365 are also featured. The upcoming Copilot Actions will allow agents to interact with local files and applications, aimed at improving workflows. Microsoft is addressing security concerns with resources outlining strategies to mitigate risks such as cross-prompt injection. Industry commentary indicates a growing discussion about privacy and security in relation to these changes.

Winsage

June 9, 2026

Hybrid AI Agents, Orchestration, and the Real Reason Microsoft is Fixing Windows 11 ⭐

Over the past weekend, the author reviewed session videos from Build 2026, focusing on Windows 11. The sessions were categorized into three areas: Windows app development, developer productivity, and agentic AI. The introduction of hybrid agents, which combine local AI sub-agents, was a notable development. Microsoft's partnership with Qualcomm led to the launch of Windows 10 on Arm-based PCs branded as Always Connected PCs, which evolved into Copilot+ PCs with Nuvia-powered chips for Windows 11. The Copilot+ PCs emphasize on-device AI experiences through powerful neural processing units (NPUs). The introduction of second-generation Snapdragon X2-based PCs is underway, although adoption is slower than expected. Microsoft confirmed that Windows 11 will integrate AI agents, including local AI agents and hybrid agents. The capabilities of local AI models are being enhanced, and Windows AI APIs will now support CPUs and GPUs. New Nvidia chipsets will enable large language models to run locally on PCs. The orchestration of local and cloud AI components is essential for efficient AI workload management. Microsoft is addressing user pain points to support a robust local foundation for hybrid AI, aiming to improve Windows 11 overall.

AppWizard

June 8, 2026

NFCShare Android malware spreads via fake banking app updates on GitHub

New variants of the NFCShare Android malware are disguised as fake updates for legitimate banking applications and are targeting customers of various banks in Europe through a phishing campaign to steal sensitive payment card data. The malware prompts victims to place their cards near the NFC chip of their mobile devices, using Android’s IsoDep interface to read card information, including card number, type, expiry date, and a 4-digit PIN. The stolen data is exfiltrated to the attacker’s command-and-control host via a WebSocket channel. Recent attacks began on May 14, with victims directed to a phishing site that impersonates a legitimate bank and then to a GitHub repository hosting a malicious APK file. The repository has hosted 56 unique APKs impersonating banking applications primarily from Italy and Spain. The malware has evolved from initially targeting Deutsche Bank in Germany to a broader range of banks. The latest version features malformed APK packaging to complicate automated analysis. Users are advised to download banking applications only from Google Play and to be cautious of verification requests that ask for NFC card scans.

Winsage

June 8, 2026

Microsoft lets users disconnect Bing from Windows 11 search

Microsoft is set to enhance the user experience for Windows 11 by allowing users to disable web search results during local searches. This feature will be available in the settings menu under Privacy & Security > Search, with a new toggle under "Show suggested search results." Additionally, users will have the option to disable Microsoft Store suggestions in the Windows 11 search feature. Currently, turning off web results requires manual adjustments in the Windows registry, but the upcoming update aims to simplify this process. The exact rollout date for this update has not been announced.

Winsage

June 8, 2026

Microsoft making much needed change to Windows 11, 10 Patch Tuesday security updates

Microsoft has rolled out new Defender patches for Windows 11 ISOs, aligning with its commitment to security updates. Updates for Microsoft Defender for Endpoint's endpoint detection and response (EDR) will no longer be included with monthly Windows security updates or Patch Tuesdays; they will now be delivered via Microsoft Update. This change aims to allow faster deployment of EDR enhancements independently of the operating system's update cycle. The rollout for Windows 10 began in late May 2026, with plans to extend support to Windows 11 and other versions by fall 2026. EDR updates will be delivered using KB5005292, contingent on prerequisite updates. Systems must run Sense version 10.8798.25857.1000 or later and have specific Windows updates installed to qualify for the new delivery method. Organizations should align their update policies with this new approach before the broader rollout. In case of significant issues, the EDR update can be reverted using a specific command. Further details are available in the Microsoft 365 Admin Center under message ID MC1381119.

Winsage

June 8, 2026

Microsoft answers what you must do as Windows 11 Secure Boot deadline hits in days

The expiration date of the original Microsoft Secure Boot KEK certificate is June 24, 2026. Microsoft held a live "Ask Microsoft Anything" session on June 4 to address concerns regarding this deadline. The expiration affects the KEK key, while the DB key remains valid until October. After June 24, Microsoft will not be able to sign new DBX payloads, which are necessary for revoking compromised bootloaders. Devices without the new KEK may miss future revocations, leading to decreased security but will not stop booting immediately. The June Patch Tuesday update is expected to classify most systems as high confidence. IT administrators are advised to use the Intune monitoring report for device status and updates. Devices in a "temporarily paused" status require OEM firmware updates. Administrators should not delay manual rollouts for devices outside the high confidence classification. Secure Boot must be enabled to update certificates, and re-enabling it later can pose risks. Older models may receive high confidence classification faster than newer ones due to statistical requirements. In PXE boot environments, caution is needed when updating bootloaders. The Secure Boot update mechanism is consistent across Windows 10 and 11, and event logs are important diagnostic tools. Key event log entries include 1801, 1802, and 1803, which indicate various device statuses and issues. Microsoft provides resources at aka.ms/GetSecureBoot for further guidance.

Winsage

June 8, 2026

Meet the hidden Windows 11 tool that reveals what Task Manager misses

Microsoft has integrated Sysmon into Windows 11 through a system update, allowing it to operate in the background and log activities in the Windows Event Log. Indicators of suspicious processes include the absence of icons or descriptions, incorrect parent processes, spelling errors in names, unsigned executable files, packed executables, suspicious DLLs or services, open TCP/IP endpoints, and unusual URLs or character strings. To install Sysmon, users must access the Control Panel, enable Sysmon, and restart their PC. Activation requires running a command in the Command Prompt. Sysmon logs can be viewed in the Event Viewer under Microsoft > Windows > Sysmon > Operational. Users can filter events using an XML configuration file. After analysis, suspicious processes should be scanned with antivirus software, and files can be uploaded to VirusTotal for further examination. Sysmon continuously logs events, while Process Monitor captures snapshots of running processes, and both tools are available for free from Microsoft.

AppWizard

June 8, 2026

Android Sideloading in 2026: Which Apps Are Worth Installing Outside the Play Store

VidMate apk is a widely used application that operates outside the Play Store and continues to do so into 2026. Sideloading is the process of installing an Android app from a source other than the Google Play Store, using the APK file format. Android supports sideloading, allowing users to enable installations from unknown sources in their device settings. As of 2026, Google requires developers distributing apps outside the Play Store to register, verify their identity with a government-issued ID, and pay a one-time fee. This policy aims to enhance security without eliminating sideloading. Enforcement began in select countries in September 2026 and will continue globally through 2027. Concerns have been raised about the potential barriers this creates for independent developers. In 2026, apps from developers with official websites and established histories are considered safer, while those from anonymous sources carry increased risks. Notable categories of sideloaded apps include video downloaders like VidMate, open-source YouTube clients like NewPipe, ad-blocking browsers, and privacy-focused tools. To install sideloaded apps safely, users should enable the option to install from unknown sources in their device settings and download from official developer websites or trusted repositories like APKMirror, F-Droid, or GitHub. Users should avoid sites that do not identify the app's creator or host unverified uploads.

AppWizard

June 8, 2026

Pirated PC games are delivering password-stealing malware

A surge in Windows malware campaigns has been identified, with malicious software hidden in pirated PC games and modified installers for popular franchises like Far Cry, Need for Speed, FIFA, and Assassin’s Creed. Over 400,000 devices globally have been affected, with around 30,000 cases in the United States. The malware, known as the "RenEngine loader," is disguised as a legitimate game launcher and infects systems when users download cracked games. It aims to deploy an infostealer called ARC, which can capture sensitive information such as passwords and cryptocurrency wallets, and may also install other harmful payloads like the Rhadamanthys stealer and Async Remote Access Trojan (RAT). Users often remain unaware of their infection until significant damage occurs. Recommendations for safety include avoiding unofficial downloads, using up-to-date anti-malware protection, and regularly updating software.