storage

BetaBeacon
May 5, 2026
ScarCruft compromised a video game platform in a supply chain attack, trojanizing its components with a backdoor called BirdCall to target ethnic Koreans residing in China. The attack enabled the threat actors to target both Windows and Android devices, turning it into a multi-platform threat. The campaign targeted sqgame[.]net, a gaming platform used by ethnic Koreans in China, known as a transit point for North Korean defectors. BirdCall has features like screenshot capture, keystroke logging, and data gathering, and relies on legitimate cloud services for command-and-control. The Android variant collects various data and has seen active development.
AppWizard
May 5, 2026
Meta has enhanced the security and transparency of its end-to-end encrypted backup system for WhatsApp and Messenger. The improvements focus on refining the distribution and verification of encryption keys, and allow for independent audits of certain infrastructure components. The updates are based on Meta's Hardware Security Module (HSM)-based Backup Key Vault architecture, which securely stores recovery secrets in tamper-resistant hardware, ensuring that neither Meta nor cloud service providers can access users' message archives. For encrypted backups, users' devices generate a 256-bit encryption key locally, which encrypts all backup data before uploading it to cloud storage. The key remains on the device in an encrypted format, with the user's password not visible to Meta or third parties. An encrypted version of the backup key is stored in the HSM-based vault using the OPAQUE password-authenticated key exchange protocol, enhancing recovery security without revealing the password. The recent updates include an over-the-air (OTA) fleet key distribution mechanism, which avoids hardcoding trusted infrastructure keys into Messenger applications. Clients receive a “validation bundle” containing the HSM fleet's public keys during runtime, with signatures verified against Cloudflare’s Key Transparency system. The vault operates across at least seven data centers using majority-consensus replication to ensure availability and integrity. Meta plans to publish cryptographic proof of each new HSM fleet deployment, allowing advanced users and researchers to verify these deployments through the open-source “mbt” (Meta Binary Transparency) CLI tool, which conducts multiple checks to confirm that fleet keys are untampered.
BetaBeacon
May 5, 2026
APT37, also known as ScarCruft and Ricochet Chollima, has developed an Android version of the backdoor BirdCall, which serves as spyware in addition to a backdoor. The malware was delivered through a Chinese website that hosts games for Android, iOS, and Windows, targeting only Android and Windows systems. The Android variant of BirdCall has capabilities such as extracting IP geolocation information, collecting contact lists, call logs, SMS data, device information, taking screenshots, recording audio, and exfiltrating files. Users are advised to download software only from official marketplaces and trusted publisher sites to protect against malware infections.
AppWizard
May 5, 2026
Linux has been successfully implemented on the PlayStation 5, allowing users to run an open operating system on the console. This implementation, led by security researcher Andy Nguyen (TheFlow), utilizes an exploit for PS5 consoles with system software versions up to 4.5. Users can boot Linux from a USB or SSD, with Ubuntu 26.04 LTS providing around 15GB of usable memory. The PS5's hardware, including its Zen 2 processor and GPU, is fully accessible, with CPU speeds reaching up to 3.5GHz and GPU speeds up to 2.23GHz when boost mode is activated. However, running Linux on the PS5 presents challenges, such as sourcing a unit with the required firmware and limitations in resolution, as users cannot exceed 1080p. Performance tests showed that Linux can match the PS5's performance in some titles, but issues with memory management were noted, leading to stuttering and crashes in certain games. For example, reducing texture quality improved performance in games like Pragmata, while rendering issues were observed in Crimson Desert. The implementation allows for a unique gaming experience, but it also highlights the complexities and limitations of running Linux on a gaming console.
Winsage
May 4, 2026
ReactOS has merged its Live and Boot ISOs into a single installation image, simplifying the installation process for users. This integration allows users to test the OS in a live environment and transition to installation without needing multiple discs or USB drives. The installation process still resembles older Windows versions with a text-based setup, but a full graphical installation interface is expected in the upcoming 0.4.16 build. Additionally, ReactOS is expanding its hardware compatibility with a new ATA storage driver, enabling it to boot on a wider range of storage devices. ReactOS is currently in its alpha stage of development and is not yet suitable for everyday use.
AppWizard
May 4, 2026
Google's AICore app enhances on-device AI capabilities for Android users, offering features like text summarization and proofreading. The app's significant storage usage is by design, as it temporarily retains both old and new versions of AI models during updates for reliability, which can lead to storage consumption of up to 11GB. This approach aims to prevent disruptions in functionality during updates. Once the new update is stable, the extra storage will be released automatically. Users are concerned about storage limitations, particularly on devices with 128GB base storage, and are advocating for a standardization of 256GB base storage for AI-enabled Android phones.
AppWizard
May 4, 2026
AICore can temporarily use large storage (up to 11GB) during updates on Android devices. Google retains both old and new AI models for up to three days as a fail-safe during these updates. The storage used is automatically freed once the new AI model is confirmed stable.
Tech Optimizer
May 4, 2026
Microsoft Defender mistakenly flagged legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, leading to their removal from Windows systems globally. This issue arose after a Defender signature update on April 30th, with affected certificates including 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 and DDFB16CD4931C973A2037D3FC83A4D7D775D05E4. The certificates were removed from the AuthRoot store under the Registry key HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. Microsoft has addressed the issue in Security Intelligence update version 1.449.430.0, which also restored the removed certificates. The false positives were linked to detections related to a recent DigiCert breach, where threat actors obtained valid code-signing certificates used for signing malware. DigiCert revoked 60 code-signing certificates, including those linked to the "Zhong Stealer" malware campaign. The malware utilized certificates issued to companies like Lenovo and Kingston, but the certificates flagged by Microsoft Defender are root certificates and do not correspond to the revoked code-signing certificates.
AppWizard
May 4, 2026
The Xteink S4 e-reader has launched in China and will be released internationally soon. It operates on Google Android, allowing users to sideload e-reading apps like Kindle and KOBO. The retail price is projected to be budget-friendly. Key specifications include a 4.3-inch display, Android 11, 2GB RAM, 32GB storage, adjustable front light, USB-C charging, Wi-Fi and Bluetooth connectivity, and a 1400mAh battery, all in a lightweight design of 95g. The Xteink S4 is designed to address issues from previous models, particularly the S3 and X4, which faced problems with jailbreaking that led to screen damage and warranty returns. The new Android framework allows for user customization, aiming to enhance the reading experience and reduce technical issues.