service providers Archives

AppWizard

April 11, 2026

This Russian military intelligence group has been stealing people’s sensitive data, so you might want to connect your router through a VPN

The National Cyber Security Centre (NCSC) in the UK has reported that the Russian military intelligence group APT28 is exploiting vulnerabilities in routers to redirect internet traffic through malicious servers, siphoning off sensitive information from users. This includes login credentials, search histories, and private messages. APT28's servers function as anti-VPNs, designed to extract user data rather than protect it. The group appears to be gathering data for strategic objectives, particularly targeting businesses in sectors like manufacturing and military contracting, while also potentially weaponizing information from individuals to influence public opinion. The NCSC has issued guidance for businesses on online privacy, and recommends the use of VPNs as a protective measure for individuals, with NordVPN being highlighted as a top choice among various reliable options.

AppWizard

April 9, 2026

Why Russia is looking to China’s WeChat model for its Max messenger

Russia is developing the messaging app Max into a multifunctional "super app" inspired by Chinese platforms like WeChat and Douyin. The transformation aims to integrate messaging, payments, e-commerce, digital services, and content consumption into a single platform. The initiative is supported by the Russian government to enhance digital sovereignty and reduce reliance on foreign apps. Key features include a unified platform for services, payment systems, support for businesses, and content-driven commerce. However, Max faces challenges from established competitors, privacy concerns, and the need for a robust ecosystem. The success of Max could position it as a central hub for digital activity in Russia.

Tech Optimizer

April 6, 2026

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Cybersecurity researchers have discovered 36 malicious packages in the npm registry that impersonate Strapi CMS plugins. These packages exploit Redis and PostgreSQL, deploy reverse shells, harvest credentials, and establish persistent implants. Each package consists of three files—package.json, index.js, and postinstall.js—without descriptions or repositories, and all use version 3.6.8 to mimic legitimate Strapi plugins. The malicious packages follow a naming convention starting with "strapi-plugin-" and were uploaded by four accounts within 13 hours. The identified packages include names like strapi-plugin-cron, strapi-plugin-database, and strapi-plugin-server. The malicious code is embedded in the postinstall script, executing automatically upon installation with the same privileges as the user. The payloads evolve from exploiting Redis for remote code execution to attempting direct PostgreSQL database exploitation and deploying persistent implants for remote access. The campaign appears to target cryptocurrency platforms, as indicated by the focus on credential theft and digital assets. Users of these packages are advised to assume compromise and rotate credentials. This incident reflects a broader trend of supply chain attacks in the open-source ecosystem, with recent examples including credential exfiltration payloads in GitHub repositories and compromised GitHub Actions workflows. Group-IB reported that software supply chain attacks are increasingly reshaping the cyber threat landscape, targeting trusted vendors and open-source software to gain access to downstream organizations.

Winsage

April 2, 2026

Malwarebytes highlights Microsoft findings on WhatsApp attachments used in Windows attacks

A campaign targeting Windows users exploits WhatsApp attachments to execute a malicious .vbs script. Victims receive what appears to be a harmless attachment, which, when opened, duplicates legitimate Windows tools into a hidden folder and renames them to avoid detection. These tools are then used to download additional malware from reputable cloud services, disguising the malicious activity. The malware seeks administrator privileges by altering User Account Control settings and registry entries for persistence. It ultimately installs remote-access software and other payloads to maintain control over the compromised device. Malwarebytes recommends safety measures such as avoiding unsolicited attachments, enabling file extensions, using updated anti-malware tools, downloading software from official sites, being cautious of unexpected UAC prompts, and keeping systems updated.

Winsage

March 30, 2026

Microsoft’s March Security Update of High-Risk Vulnerability Notice for Multiple Products

On March 11, NSFOCUS CERT reported the release of Microsoft’s March Security Update, addressing 83 security vulnerabilities in products like Windows, Microsoft Office, Microsoft SQL Server, and Azure. The update includes eight critical vulnerabilities and 75 important ones, with risks such as privilege escalation and remote code execution. Key vulnerabilities include: - CVE-2026-26110: Microsoft Office Remote Code Execution Vulnerability (CVSS score: 8.4) - CVE-2026-26113: Microsoft Office Remote Code Execution Vulnerability (CVSS score: 8.4) - CVE-2026-26144: Microsoft Excel Information Disclosure Vulnerability (CVSS score: 7.5) - CVE-2026-23669: Windows Print Spooler Remote Code Execution Vulnerability (CVSS score: 8.8) - CVE-2026-24294: Windows SMB Server Privilege Escalation Vulnerability (CVSS score: 7.8) - CVE-2026-23668: Windows Graphics Component Privilege Escalation Vulnerability (CVSS score: 7.0) Affected product versions include various editions of Microsoft Office, Windows Server 2012 R2, Windows Server 2016, Windows 10, and Windows 11. Microsoft has released security patches for these vulnerabilities, and users are encouraged to install them promptly.

Winsage

March 19, 2026

Someone hacked Windows 98 onto a year 2000 Internet appliance just because they can

Dave Luna is attempting to run Windows 98 on the Compaq iPAQ IA‑2, a device originally designed for Windows CE. The iPAQ IA‑2 has limited hardware capabilities, including a 266 MHz Geode GX1 CPU and a maximum of 256 MB of SDRAM, which complicates the process of running a full operating system. Luna utilized the device's 16 MB flash drive, originally used for the operating system, to write MS-DOS and employ a chain-boot method to launch Windows 98. He successfully booted Windows 98 from an IDE drive by tricking the system into recognizing it as an ATAPI device, despite the BIOS restrictions. The iPAQ IA‑2 is not practical for regular use but allows for nostalgic gaming, such as playing DOOM. The concept of internet appliances, aimed at providing simple web browsing and email solutions, failed due to their restrictive nature, difficulties in software and hardware upgrades, and the need for subscriptions to specific Internet Service Providers. As broadband internet became more common, the appeal of these devices decreased, leading to their obsolescence, although they contributed to the development of modern devices like Chromebooks.

Winsage

March 2, 2026

NTLM is going away: what Microsoft’s phaseout means for MSPs and IT teams

The migration from NTLM to Kerberos authentication is essential for improving security in Windows systems, but it faces challenges such as legacy systems and hardcoded authentication. Organizations must identify NTLM usage, conduct testing with NTLM disabled, and make necessary adjustments or upgrades to migrate successfully. Ongoing monitoring is crucial post-migration to prevent NTLM from re-entering the network. NTLM is associated with significant security vulnerabilities and has been exploited by various threat groups, making its elimination a priority for organizations despite potential hesitations to invest in the migration process. Transitioning to Kerberos is seen as a strategic security investment.

Winsage

February 16, 2026

Rufus developers blame Microsoft for blocking access to the latest Windows 11 ISOs — Windows Insiders met with an IP ban after attempting to download latest builds

Microsoft has implemented restrictions that prevent certain IP addresses from downloading the latest Insider ISOs for Windows 11, affecting users and third-party developers. Reports indicate that multiple users, including those using various ISPs and VPNs, are unable to access these downloads. The Rufus team has also confirmed difficulties with their software in installing the latest Windows 11 Insider Preview ISOs.

Winsage

January 26, 2026

Your BitLocker-secured Windows PC isn’t so secure after all – unless you do this

Microsoft's BitLocker encrypts personal files on Windows hard drives to protect against unauthorized access in case of loss or theft. The BitLocker recovery key is essential for decrypting data, but Microsoft has confirmed it will comply with valid legal requests for access to these keys if they are stored in the cloud. This was highlighted during an FBI investigation in Guam, where Microsoft provided recovery keys related to a COVID unemployment fraud case. Microsoft receives about 20 requests for BitLocker keys annually, but many cannot be fulfilled if users do not store their keys in the cloud. The Guam case is the first known instance of Microsoft providing encryption keys to law enforcement, contrasting with a previous request from the FBI in 2013 that was declined. Users can choose to store their keys locally or in Microsoft's cloud, but storing them in the cloud carries risks of unauthorized access. For optimal security, it is recommended to save the recovery key on a USB stick or external drive, encrypting the file if necessary, and avoiding cloud storage. Users should check their BitLocker settings in Windows 11 or 10 to manage their recovery keys and consider removing any keys stored in the cloud.

AppWizard

January 19, 2026

Internet restored in Uganda but social media and messaging apps still restricted

Uganda has restored its internet services after four days of enforced silence, though social media and messaging applications remain restricted. Connectivity resumed on Sunday, but limited access to several platforms persists, as reported by NetBlocks. Proton VPN experienced an 8,000% increase in signups from Uganda within one hour of the initial restrictions. The Uganda Communications Commission (UCC) allows the use of VPNs for accessing blocked platforms but warns against their misuse for illegal activities, indicating potential legal repercussions. The UCC had mandated internet service providers to halt access before a presidential election to prevent misinformation and safeguard national security. This is not the first internet blackout in Uganda, as similar measures were taken during the 2021 elections.