service providers Archives

Winsage

April 23, 2026

Microsoft faces court battle in £2bn Windows Server class action

The Competition Appeal Tribunal (CAT) has approved a £2 billion class action against Microsoft, aimed at compensating approximately 59,000 businesses using the Windows Server operating system in non-Microsoft public clouds. The collective action, led by Maria Luisa Stasi, alleges that Microsoft has overcharged UK entities for Windows Server on competing cloud services. The tribunal dismissed Microsoft's objections and granted a Collective Proceedings Order on an opt-out basis. The class action addresses two main issues: pricing abuse related to the Microsoft Service Provider License Agreement (SPLA) and re-licensing abuse concerning the deployment of Windows Server on Azure versus other cloud providers. The UK Competition and Markets Authority is also investigating Microsoft's software licensing practices within the cloud market. James Hain-Cole from law firm Scott+Scott expressed satisfaction with the tribunal's decision, emphasizing its significance for securing compensation for affected businesses.

Winsage

April 22, 2026

“For years, Microsoft’s practices have had real financial impact on both public and private organizations” – Microsoft faces new legal challenge over licensing practices

Microsoft is facing a £2 billion lawsuit in the UK, led by competition lawyer Maria Luisa Stasi, representing nearly 60,000 businesses that claim the company imposes excessive charges for using Windows Server on competing cloud platforms. The allegations focus on higher licensing fees for organizations using services like Amazon Web Services, Google Cloud Platform, and Alibaba Cloud compared to those using Microsoft’s Azure. The lawsuit has been allowed to proceed on an opt-out basis by the Tribunal. Microsoft plans to appeal the decision and asserts that its business model promotes competition. The case is part of broader scrutiny of Microsoft's licensing practices, with investigations also initiated by the UK Competition and Markets Authority and the European Commission, as well as inquiries in Brazil, Switzerland, the United States, and Japan.

AppWizard

April 11, 2026

This Russian military intelligence group has been stealing people’s sensitive data, so you might want to connect your router through a VPN

The National Cyber Security Centre (NCSC) in the UK has reported that the Russian military intelligence group APT28 is exploiting vulnerabilities in routers to redirect internet traffic through malicious servers, siphoning off sensitive information from users. This includes login credentials, search histories, and private messages. APT28's servers function as anti-VPNs, designed to extract user data rather than protect it. The group appears to be gathering data for strategic objectives, particularly targeting businesses in sectors like manufacturing and military contracting, while also potentially weaponizing information from individuals to influence public opinion. The NCSC has issued guidance for businesses on online privacy, and recommends the use of VPNs as a protective measure for individuals, with NordVPN being highlighted as a top choice among various reliable options.

AppWizard

April 9, 2026

Why Russia is looking to China’s WeChat model for its Max messenger

Russia is developing the messaging app Max into a multifunctional "super app" inspired by Chinese platforms like WeChat and Douyin. The transformation aims to integrate messaging, payments, e-commerce, digital services, and content consumption into a single platform. The initiative is supported by the Russian government to enhance digital sovereignty and reduce reliance on foreign apps. Key features include a unified platform for services, payment systems, support for businesses, and content-driven commerce. However, Max faces challenges from established competitors, privacy concerns, and the need for a robust ecosystem. The success of Max could position it as a central hub for digital activity in Russia.

Tech Optimizer

April 6, 2026

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Cybersecurity researchers have discovered 36 malicious packages in the npm registry that impersonate Strapi CMS plugins. These packages exploit Redis and PostgreSQL, deploy reverse shells, harvest credentials, and establish persistent implants. Each package consists of three files—package.json, index.js, and postinstall.js—without descriptions or repositories, and all use version 3.6.8 to mimic legitimate Strapi plugins. The malicious packages follow a naming convention starting with "strapi-plugin-" and were uploaded by four accounts within 13 hours. The identified packages include names like strapi-plugin-cron, strapi-plugin-database, and strapi-plugin-server. The malicious code is embedded in the postinstall script, executing automatically upon installation with the same privileges as the user. The payloads evolve from exploiting Redis for remote code execution to attempting direct PostgreSQL database exploitation and deploying persistent implants for remote access. The campaign appears to target cryptocurrency platforms, as indicated by the focus on credential theft and digital assets. Users of these packages are advised to assume compromise and rotate credentials. This incident reflects a broader trend of supply chain attacks in the open-source ecosystem, with recent examples including credential exfiltration payloads in GitHub repositories and compromised GitHub Actions workflows. Group-IB reported that software supply chain attacks are increasingly reshaping the cyber threat landscape, targeting trusted vendors and open-source software to gain access to downstream organizations.

Winsage

April 2, 2026

Malwarebytes highlights Microsoft findings on WhatsApp attachments used in Windows attacks

A campaign targeting Windows users exploits WhatsApp attachments to execute a malicious .vbs script. Victims receive what appears to be a harmless attachment, which, when opened, duplicates legitimate Windows tools into a hidden folder and renames them to avoid detection. These tools are then used to download additional malware from reputable cloud services, disguising the malicious activity. The malware seeks administrator privileges by altering User Account Control settings and registry entries for persistence. It ultimately installs remote-access software and other payloads to maintain control over the compromised device. Malwarebytes recommends safety measures such as avoiding unsolicited attachments, enabling file extensions, using updated anti-malware tools, downloading software from official sites, being cautious of unexpected UAC prompts, and keeping systems updated.

Winsage

March 30, 2026

Microsoft’s March Security Update of High-Risk Vulnerability Notice for Multiple Products

On March 11, NSFOCUS CERT reported the release of Microsoft’s March Security Update, addressing 83 security vulnerabilities in products like Windows, Microsoft Office, Microsoft SQL Server, and Azure. The update includes eight critical vulnerabilities and 75 important ones, with risks such as privilege escalation and remote code execution. Key vulnerabilities include: - CVE-2026-26110: Microsoft Office Remote Code Execution Vulnerability (CVSS score: 8.4) - CVE-2026-26113: Microsoft Office Remote Code Execution Vulnerability (CVSS score: 8.4) - CVE-2026-26144: Microsoft Excel Information Disclosure Vulnerability (CVSS score: 7.5) - CVE-2026-23669: Windows Print Spooler Remote Code Execution Vulnerability (CVSS score: 8.8) - CVE-2026-24294: Windows SMB Server Privilege Escalation Vulnerability (CVSS score: 7.8) - CVE-2026-23668: Windows Graphics Component Privilege Escalation Vulnerability (CVSS score: 7.0) Affected product versions include various editions of Microsoft Office, Windows Server 2012 R2, Windows Server 2016, Windows 10, and Windows 11. Microsoft has released security patches for these vulnerabilities, and users are encouraged to install them promptly.

Winsage

March 19, 2026

Someone hacked Windows 98 onto a year 2000 Internet appliance just because they can

Dave Luna is attempting to run Windows 98 on the Compaq iPAQ IA‑2, a device originally designed for Windows CE. The iPAQ IA‑2 has limited hardware capabilities, including a 266 MHz Geode GX1 CPU and a maximum of 256 MB of SDRAM, which complicates the process of running a full operating system. Luna utilized the device's 16 MB flash drive, originally used for the operating system, to write MS-DOS and employ a chain-boot method to launch Windows 98. He successfully booted Windows 98 from an IDE drive by tricking the system into recognizing it as an ATAPI device, despite the BIOS restrictions. The iPAQ IA‑2 is not practical for regular use but allows for nostalgic gaming, such as playing DOOM. The concept of internet appliances, aimed at providing simple web browsing and email solutions, failed due to their restrictive nature, difficulties in software and hardware upgrades, and the need for subscriptions to specific Internet Service Providers. As broadband internet became more common, the appeal of these devices decreased, leading to their obsolescence, although they contributed to the development of modern devices like Chromebooks.

Winsage

March 2, 2026

NTLM is going away: what Microsoft’s phaseout means for MSPs and IT teams

The migration from NTLM to Kerberos authentication is essential for improving security in Windows systems, but it faces challenges such as legacy systems and hardcoded authentication. Organizations must identify NTLM usage, conduct testing with NTLM disabled, and make necessary adjustments or upgrades to migrate successfully. Ongoing monitoring is crucial post-migration to prevent NTLM from re-entering the network. NTLM is associated with significant security vulnerabilities and has been exploited by various threat groups, making its elimination a priority for organizations despite potential hesitations to invest in the migration process. Transitioning to Kerberos is seen as a strategic security investment.

Winsage

February 16, 2026

Rufus developers blame Microsoft for blocking access to the latest Windows 11 ISOs — Windows Insiders met with an IP ban after attempting to download latest builds

Microsoft has implemented restrictions that prevent certain IP addresses from downloading the latest Insider ISOs for Windows 11, affecting users and third-party developers. Reports indicate that multiple users, including those using various ISPs and VPNs, are unable to access these downloads. The Rufus team has also confirmed difficulties with their software in installing the latest Windows 11 Insider Preview ISOs.