SSH Archives

Winsage

March 31, 2026

Microsoft to upgrade Windows Subsystem for Linux (WSL) with faster file access, better networking and easier setup

Microsoft plans to enhance the Windows Subsystem for Linux (WSL) in 2026, focusing on several key improvements for developers. These enhancements include: - Faster file performance between Linux and Windows to address current latency issues. - Improved network compatibility and throughput for better communication between environments. - A streamlined setup and onboarding experience to simplify installation for newcomers. - Enhanced enterprise management and security features to improve control and safety in corporate settings.

Tech Optimizer

March 30, 2026

Fake Cloudflare CAPTCHA Pages Spread Infiniti Stealer On macOS

Security researchers have identified a new macOS information stealer called Infiniti Stealer, which extracts sensitive information from Mac users using a social engineering tactic known as ClickFix. This method involves a counterfeit Cloudflare human verification page that prompts users to enter a command in their Mac Terminal, allowing the malware to bypass security measures. The infection process consists of three stages: 1. A Bash dropper script downloads and decodes a hidden payload. 2. A Nuitka loader, designed for Apple Silicon Macs, complicates detection by compiling Python code into a native application. 3. The final payload, Infiniti Stealer, harvests personal data such as browser passwords, macOS Keychain entries, cryptocurrency wallets, and captures screenshots. Indicators of Compromise (IOCs) associated with Infiniti Stealer include: - MD5 Dropper: da73e42d1f9746065f061a6e85e28f0c - SHA256 Stage-3: 1e63be724bf651bb17bcf181d11bacfabef6a6360dcdfda945d6389e80f2b958 - C2 Domain: update-check[.]com - C2 URL: https://update-check[.]com/m/7d8df27d95d9 - Panel: Infiniti-stealer[.]com - Packer Magic: 4b 41 59 28 b5 2f fd (KAY + zstd) - Debug Log: /tmp/.bs_debug.log

Winsage

March 13, 2026

These 4 open-source apps fixed Windows’ biggest problems

Windows operating system has evolved over the years, but initially, it often required external tools for tasks like video playback, file compression, secure connections, and file transfers. VLC Media Player addressed the issue of codec compatibility in video playback by bundling its own codecs, making it a widely used media player. 7-Zip improved file compression on Windows by offering superior efficiency, extensive format support, and user-friendly features, becoming essential for archiving tasks. PuTTY provided Windows users with their first effective SSH client, allowing secure terminal connections to remote servers, and remains popular despite Microsoft integrating OpenSSH. FileZilla simplified the process of uploading files to servers with its user-friendly graphical interface, becoming a staple for web developers. Despite improvements in Windows, many users continue to install these open-source applications out of habit due to their reliability and effectiveness.

Winsage

March 6, 2026

Chinese hackers hide malware in Windows and Google Drive to hit targets

Chinese state-sponsored threat actors, specifically a group known as Silver Dragon, have been conducting espionage operations across Southeast Asia and Europe since at least mid-2024. They have targeted government entities in countries such as Russia, Poland, Hungary, Italy, Japan, Myanmar, and Malaysia. Silver Dragon is believed to be affiliated with APT41 and primarily uses phishing emails to initiate attacks, often containing weaponized documents or links. They employ a custom backdoor called GearDoor, which utilizes Google Drive for command-and-control operations, allowing them to exfiltrate stolen intelligence. The group also hijacks legitimate Windows services to load malicious code and uses tools like SSHcmd and Cobalt Strike for post-exploitation activities. Their tactics involve blending malicious activities with normal system operations, making detection difficult and increasing their dwell time within targeted networks.

Winsage

February 17, 2026

How to Uninstall and Reinstall Chrome on Windows 11 Using Winget CMD

Google Chrome can experience performance issues on Windows due to corrupted profiles, extension conflicts, broken updates, and crashes. A complete uninstall and reinstall often resolves these issues, and the Windows Package Manager (Winget) provides a command-line method for this process. To uninstall Chrome using Winget, open Terminal as an administrator and run the command PLACEHOLDER7836d906c03bd8f1. After uninstallation, verify it with PLACEHOLDER30cf24d62406b8ee, then reinstall using PLACEHOLDER76e40aae6965d719. For a clean reinstall, delete the leftover user data folder at PLACEHOLDER142352b706501488. Commands: - Check installed version: winget list Google.Chrome - Uninstall Chrome: winget uninstall Google.Chrome - Verify removal: winget list Google.Chrome - Reinstall Chrome: winget install Google.Chrome - Silent install: winget install Google.Chrome --silent - Delete leftover data: rmdir /s /q "%LocalAppData%GoogleChrome" Before executing commands, ensure Winget is available and updated, and that you have administrator privileges. Backup data by enabling Chrome Sync. Close Chrome completely before uninstalling to avoid process interference. A clean reinstall involves deleting the Chrome user data folder, which removes bookmarks, passwords, and other stored data. Winget is faster and more suitable for scripting and remote management compared to traditional uninstall methods through the Settings app or Control Panel. Common troubleshooting for Winget includes handling errors related to package recognition, installation blocks, and access issues. If uninstalling fails, terminate any running Chrome processes and retry the command. If unsuccessful, use the Settings app for removal and then Winget for reinstallation.

Tech Optimizer

November 12, 2025

Hackers hijacked antivirus features to install malware – here’s what we know

A critical vulnerability identified as CVE-2025-12480 was found in the remote file sharing platform Triofox, characterized by improper access control that allowed zero-day exploitation. Security experts from Google’s Mandiant revealed that Triofox's antivirus feature was compromised, enabling unauthorized access to setup pages post-installation. The UNC6485 threat group exploited this vulnerability using tools like Zoho Assist, AnyDesk, and SSH tunneling for remote access. A patch was released on July 26, and a newer version of Triofox was made available on October 14 to mitigate the risks, with users advised to update their systems.

Winsage

November 11, 2025

“Windows doesn’t really suck” — ex‑Microsoft engineer calls for a ‘Pro Mode’ to cut the clutter

Microsoft discontinued support for Windows 10, pushing users to upgrade to Windows 11 or use the Extended Security Updates (ESU) program. Critics view the ESU as a temporary solution. Windows 11 is reported to be up to 2.3 times faster than Windows 10, but many users are hesitant to switch due to strict hardware requirements and design issues. Approximately 400 million Windows PCs are now unsupported, raising concerns about increased electronic waste. User dissatisfaction with Windows 11 includes issues with AI integration, the Start menu, mandatory Microsoft Account usage, default browser settings, inability to remove CoPilot, frequent ads, and resource-heavy background processes. Former Microsoft engineer Dave Plummer suggested a professional mode for advanced users, proposing features like centralized settings, a default Windows terminal, transparency in telemetry, a predictable update schedule, and a paid professional mode to reduce upselling. Plummer emphasized that current frustrations stem from the user experience being compromised by aggressive marketing tactics.

Tech Optimizer

November 11, 2025

Hackers Exploiting Triofox Flaw to Install Remote Access Tools via Antivirus Feature

A critical security vulnerability (CVE-2025-12480) has been identified in Gladinet's Triofox platform, allowing attackers to bypass authentication and access sensitive configuration pages. This vulnerability has a CVSS score of 9.1 and has been exploited by a threat cluster known as UNC6485 since August 24, 2025. Despite patches issued by Gladinet, attackers created a new admin account to execute malicious code, including a batch script that downloaded tools for remote access. They used these tools for reconnaissance and privilege escalation. Mandiant recommends that Triofox users update to the latest version and audit admin accounts.

Winsage

November 5, 2025

Russian APT abuses Windows Hyper-V for persistence and malware execution

Cyber attackers used the Import-VM and Start-VM PowerShell cmdlets to introduce a virtual machine named WSL into Hyper-V. This virtual machine hosts a compact Alpine Linux environment with two implants, CurlyShell and CurlCat, identified by Bitdefender. CurlyShell uses libcurl to connect to a command-and-control server, creating a reverse shell to execute commands and return outputs. CurlCat functions as a proxy, tunneling SSH traffic through HTTP requests to evade detection by network monitoring tools.

Tech Optimizer

November 5, 2025

Hackers Are Using Linux Malware to Invisibly Bypass Windows Security

Hackers are refining tactics to evade detection by EDR systems and antivirus software, with a notable strategy being the use of Linux malware to infiltrate Windows systems. Investigations by Bitdefender and CERT-GE revealed a campaign by the Russian hacker group Curly COMrades, which exploits the Hyper-V virtualization platform on Windows 10 to create covert access channels. They utilize Alpine Linux for lightweight virtual machines that are difficult to detect, requiring only 120 MB of disk space and 256 MB of RAM. The attackers maintain persistent access using tools like Resocks and Stunnel, starting their activities in early July 2024 by activating Hyper-V on compromised systems and deploying misleading virtual machines labeled “WSL.” They introduced custom malware, CurlyShell and CurlCat, for communication and remote access. This trend of using Linux malware against Windows systems is growing, as seen in recent Qilin ransomware attacks documented by Trend Micro.