storage

BetaBeacon
May 6, 2026
- ScarCruft, also known as APT37 or Reaper, is a North Korean espionage group targeting government, military organizations, and companies in Asia.
- BirdCall is a Windows backdoor attributed to ScarCruft, with spying capabilities such as taking screenshots and logging keystrokes.
- The Android version of BirdCall collects contacts, SMS messages, call logs, and media files, and was actively developed over several months.
- The BirdCall backdoor was discovered in a trojanized card game on a gaming platform tailored for ethnic Koreans living in Yanbian, China.
- The attack was likely aimed at collecting information on individuals from the Yanbian region deemed of interest to the North Korean regime, such as refugees or defectors.
Winsage
May 6, 2026
Beginning in May 2026, Microsoft will introduce Hotpatching as a default feature for compatible systems, allowing security updates to be applied without requiring a restart. Hotpatching updates code directly in the memory of running processes, enabling selective updates without interrupting the entire system. It does not replace monthly security updates but alters their activation process on eligible systems, categorized as security updates within the monthly B releases. Eligible systems must be running Windows 11 version 24H2 or newer and possess suitable licenses such as Enterprise, Education, Microsoft 365, or Windows 365. Management of these updates will be facilitated through Windows Autopatch or Microsoft Intune. Microsoft will continue to utilize baseline updates that require a restart, which will alternate with Hotpatch months. Hotpatching aims to reduce the frequency of restarts tied to security updates, particularly benefiting environments where uptime is critical. However, planned restarts will still be necessary, and robust telemetry and maintenance practices will be needed to ensure smooth operation.
TrendTechie
May 5, 2026
qBittorrent 5.2.0 was released on May 3, 2026, as an open-source torrent client developed with the Qt toolkit. It is available for Linux, Windows, and macOS, and its source code is on GitHub under the GPLv2+ license. The project started with version 4.0 in November 2017, followed by versions 5.0 in September 2024 and 5.1 in April 2025. Key features include an integrated search engine, RSS feed subscription, remote management, and advanced torrent settings. Version 5.2.0 includes enhancements such as an advanced tracker status filter, removal of subcategory restrictions, asynchronous block calculations, reduced resume times for paused downloads, configurable RSS feed refresh times, SOCKS4/SOCKS4a proxy support for the search engine, and various improvements to the web interface and user customization options. Support for builds with Qt 6.5 has been discontinued.
BetaBeacon
May 5, 2026
ScarCruft compromised a video game platform in a supply chain attack, trojanizing its components with a backdoor called BirdCall to target ethnic Koreans residing in China. The attack enabled the threat actors to target both Windows and Android devices, turning it into a multi-platform threat. The campaign targeted sqgame[.]net, a gaming platform used by ethnic Koreans in China, known as a transit point for North Korean defectors. BirdCall has features like screenshot capture, keystroke logging, and data gathering, and relies on legitimate cloud services for command-and-control. The Android variant collects various data and has seen active development.
AppWizard
May 5, 2026
Meta has enhanced the security and transparency of its end-to-end encrypted backup system for WhatsApp and Messenger. The improvements focus on refining the distribution and verification of encryption keys, and allow for independent audits of certain infrastructure components. The updates are based on Meta's Hardware Security Module (HSM)-based Backup Key Vault architecture, which securely stores recovery secrets in tamper-resistant hardware, ensuring that neither Meta nor cloud service providers can access users' message archives. For encrypted backups, users' devices generate a 256-bit encryption key locally, which encrypts all backup data before uploading it to cloud storage. The key remains on the device in an encrypted format, with the user's password not visible to Meta or third parties. An encrypted version of the backup key is stored in the HSM-based vault using the OPAQUE password-authenticated key exchange protocol, enhancing recovery security without revealing the password. The recent updates include an over-the-air (OTA) fleet key distribution mechanism, which avoids hardcoding trusted infrastructure keys into Messenger applications. Clients receive a “validation bundle” containing the HSM fleet's public keys during runtime, with signatures verified against Cloudflare’s Key Transparency system. The vault operates across at least seven data centers using majority-consensus replication to ensure availability and integrity. Meta plans to publish cryptographic proof of each new HSM fleet deployment, allowing advanced users and researchers to verify these deployments through the open-source “mbt” (Meta Binary Transparency) CLI tool, which conducts multiple checks to confirm that fleet keys are untampered.
BetaBeacon
May 5, 2026
APT37, also known as ScarCruft and Ricochet Chollima, has developed an Android version of the backdoor BirdCall, which serves as spyware in addition to a backdoor. The malware was delivered through a Chinese website that hosts games for Android, iOS, and Windows, targeting only Android and Windows systems. The Android variant of BirdCall has capabilities such as extracting IP geolocation information, collecting contact lists, call logs, SMS data, device information, taking screenshots, recording audio, and exfiltrating files. Users are advised to download software only from official marketplaces and trusted publisher sites to protect against malware infections.
AppWizard
May 5, 2026
Linux has been successfully implemented on the PlayStation 5, allowing users to run an open operating system on the console. This implementation, led by security researcher Andy Nguyen (TheFlow), utilizes an exploit for PS5 consoles with system software versions up to 4.5. Users can boot Linux from a USB or SSD, with Ubuntu 26.04 LTS providing around 15GB of usable memory. The PS5's hardware, including its Zen 2 processor and GPU, is fully accessible, with CPU speeds reaching up to 3.5GHz and GPU speeds up to 2.23GHz when boost mode is activated. However, running Linux on the PS5 presents challenges, such as sourcing a unit with the required firmware and limitations in resolution, as users cannot exceed 1080p. Performance tests showed that Linux can match the PS5's performance in some titles, but issues with memory management were noted, leading to stuttering and crashes in certain games. For example, reducing texture quality improved performance in games like Pragmata, while rendering issues were observed in Crimson Desert. The implementation allows for a unique gaming experience, but it also highlights the complexities and limitations of running Linux on a gaming console.