service Archives

Winsage

June 27, 2026

New Millenium RAT version infects 62,000 Windows systems worldwide

A significant evolution of the Millenium remote access trojan (RAT) has impacted over 62,000 Windows devices across more than 160 countries. The latest version, 4.*, marks a departure from previous .NET-based versions and is attributed to a threat cluster known as Y2K Operators, with the creator identified as “ShinyEnigma.” There are 62,289 infected endpoints, with 39,730 infections occurring in the first quarter of 2026. The RAT is marketed as malware-as-a-service (MaaS) and promoted through underground forums and platforms like GitHub, with accessible pricing. Millenium RAT 4 is developed in native C++ and uses the Telegram Bot API for command-and-control communications. Its capabilities include stealing browser data, collecting system information, logging keystrokes, capturing screenshots and audio, accessing Telegram and Discord data, downloading additional payloads, and executing Windows or PowerShell commands. The malware ensures persistence by replicating itself in the %APPDATA% directory and creating an autorun registry entry. The malware is distributed through social engineering tactics such as cracked software, cryptocurrency utilities, hacking toolkits, OSINT tools, exploit builders, and Roblox-related cheats. Some campaigns have trojanized malware builders, infecting cybercriminals. One campaign used PDF-themed lures with a malicious Windows shortcut to download the RAT while displaying a legitimate document. Payloads often use filenames associated with Windows components or security software to blend into infected systems. Group-IB recommends avoiding untrusted executables, applying security updates, enabling multi-factor authentication, and monitoring for unusual autorun registry entries.

Winsage

June 26, 2026

Windows 11’s huge July 14 update is loaded with new features — these are the 13 that matter most

Microsoft will launch the Windows 11 July 2026 Security Update on July 14, 2026, introducing new features and bug fixes. Key features include the Point-in-time Restore recovery feature, which allows users to revert to a stable system state using restore points, and enhancements to Bluetooth, network virtualization, and touchpad functionality. The update will be available for Windows 11 versions 25H2 and 24H2, managed through Controlled Feature Rollout (CFR) technology. The update enhances the "Pause updates" functionality with a calendar view for pausing updates for up to 35 days. The Magnifier tool will allow users to input exact zoom percentages, and printer installations will default to the Internet Printing Protocol (IPP). Location settings will be simplified, and File Explorer will see performance improvements, including new options on the Home page. Bluetooth enhancements will improve reliability and audio performance, while Phone Link will refine call handling between Windows 11 and smartphones. Voice Typing and Voice Access will be improved for real-time text refinement and support multiple languages. Networking improvements will focus on reliability and performance, particularly in virtualized environments, and touchpad customization options will allow adjustments to the right-click area.

Winsage

June 26, 2026

You weren’t imagining it: Windows 11’s slow shutdowns are finally fixed

Windows 11 users are experiencing delays during the shutdown process, attributed to the Background Intelligent Transfer Service (BITS). Microsoft has released an optional update, KB5095093, to address this issue by improving the shutdown time of the BITS service. The update is expected to reduce unexpected freezes linked to BITS and also includes enhancements in Bluetooth functionality. Users must manually install the update via Windows Update or the Microsoft Update Catalog, with improvements set to be included in July’s main update.

Winsage

June 26, 2026

Microsoft extends extended updates for Windows 10 in the most muted way imaginable

Microsoft has extended its offer of extended security updates for consumer users of Windows 10 until October 12, 2027, following the official end of support for the operating system on October 14, 2025. Users can acquire an extra year of patches for a modest fee, while business users have the option for an additional three years of support until 2028. Approximately 30 percent of HP's customers and 26 percent of all Windows users are still operating on Windows 10, which translates to hundreds of millions of PCs globally. The minimum requirements for running Windows 11 include a Trusted Platform Module (TPM) 2.0, 4GB of RAM, and 64GB of storage.

Winsage

June 26, 2026

Your Windows 10 PC just quietly got another year of free support

Microsoft has extended the security updates for Windows 10 users by an additional year, with the new end date for the Extended Security Updates (ESU) program set for October 12, 2027. This extension applies automatically to existing ESU enrollees, and new users can sign up until the deadline. The change was confirmed by a Microsoft spokesperson in an editor's note added to a blog post. The extension does not apply to corporate Windows deployments, which require costly ESU subscriptions that extend support until October 2028.

Winsage

June 25, 2026

Windows 10 quietly gets one more year of support and updates

Microsoft has extended the support timeline for Windows 10 by initiating the Extended Security Updates (ESU) program, which provides an additional year of essential security updates until October 12, 2027. Users can enroll in the ESU program until it ends, and those already enrolled will have their coverage automatically continue through that date. The ESU program, previously a paid feature for businesses, is now available to regular consumers at no additional cost.

AppWizard

June 25, 2026

Apple has removed this Russian application from the App Store

Apple has removed VKontakte (VK) from its App Store, as confirmed by VK Group. VK stated that its apps are no longer available for download or updates on Apple devices, which they claim restricts access for Russian users to popular services. Apple justified the removal by stating it complies with laws and sanctions, though VK noted it has never been subjected to U.S. sanctions. The Kremlin has called Apple's decision "bizarre" and is seeking clarification, with Russia's digital development ministry labeling the action as politically motivated and asserting there are no grounds for blocking VK apps.

AppWizard

June 25, 2026

Russia’s state-backed messaging app Max blocks regional chats where users tracked gas availability and shared information about lines at filling stations

The Max messenger has blocked chat groups in at least four Russian regions—Ivanovo, Vladimir, Tver, Krasnokamsk, and Chita—where users were tracking gas availability and information about filling station queues. The chat group "Benzin 33" in the Vladimir region gained 15,000 subscribers in three days, while "Benzin Ivanovo" had around 8,000 members, and the Tver chat reached 9,000 subscribers. The blocking in Vladimir was due to a technical violation related to subscriber registration with Roskomnadzor, while the reasons for blockings in other regions are unclear. Russia is facing a fuel crisis exacerbated by Ukrainian strikes on oil refineries, leading to restrictions on gasoline sales in over 20 areas and widespread shortages at gas stations. Additionally, the Federal Antimonopoly Service has banned the sale of gasoline on digital platforms, resulting in blocked listings on e-commerce sites like Ozon and Wildberries.

AppWizard

June 25, 2026

This free Pixel app is the reason I canceled my AI note-taking subscription

Sanuj Bhatia from Android Authority highlights the capabilities of Google’s Pixel Recorder app, which he found effective enough to cancel his subscription to a paid AI note-taking service. The app, upgraded with Gemini Nano technology in the Pixel 9 series, can record audio and generate live transcripts with punctuation and grammar corrections, identifying multiple speakers during meetings. It integrates with a web application for easy access to recordings and transcripts on desktop devices. The app processes data on-device, ensuring privacy, which is advantageous for professionals handling sensitive information. While it has limitations, such as not being able to join meetings virtually and lacking collaborative features, it is considered a reliable and cost-efficient alternative to traditional AI note-taking tools.

Winsage

June 25, 2026

Introduction to COM usage by Windows threats

Component Object Model (COM) is a technology in Windows that enables object activation, inter-process communication, and automation across different programming languages. Malware exploits COM interfaces for activities such as lateral movement, execution, downloading, exfiltration, persistence, evasion, system discovery, and automation of Windows and Office functionalities. Reverse engineering COM-heavy binaries involves navigating GUIDs and indirect vtable calls to understand malware mechanics. Research at the AVAR 2025 conference and CARO 2026 workshop discusses methodologies for analyzing COM binaries and case studies of malware families that utilize COM. COM is an application binary interface (ABI) model that allows software components to be reused and enables interaction between different programming languages through interfaces defined at the binary level. Distributed COM (DCOM) allows clients to activate COM objects on remote systems. COM classes are identified by unique class identifiers (CLSIDs), and interfaces by interface identifiers (IIDs). The Windows registry stores COM registration data, with classes and interfaces located under specific keys. Malware often acts as a COM client, utilizing the COM runtime to instantiate classes and request interfaces. ProgIDs provide human-readable registry entries for COM classes. The CoCreateInstance function helps create class objects by resolving CLSID registrations. All COM interfaces derive from IUnknown, which manages object lifetimes and interface querying. COM has its own security model, and identifying classes and interfaces used by malware is crucial for threat researchers. Tools like ComView and OleView.NET assist in inspecting COM registrations. The analysis workflow includes identifying activation API calls, extracting CLSID and IID values, consulting registry definitions, and mapping vtable calls. Qakbot, a banking trojan, exemplifies the use of COM in malware, with its architecture enabling malicious activities like credential theft. Dynamic analysis tools can log COM-related calls in real-time to trace execution flow. Notable malware families that utilize COM include Gh0stRAT, which uses Task Scheduler COM interfaces, and the Attor platform, which employs BITS for file transfers. WarmCookie demonstrates the use of COM for persistence through Task Scheduler. Understanding COM's role in malware is essential for cybersecurity professionals.