System Information

Tech Optimizer
April 22, 2026
A newly identified remote access trojan, STX RAT, emerged in 2026, combining hidden remote desktop access with credential theft. The name "STX" comes from the Start of Text control byte (0x02), which it appends to communications with its command-and-control (C2) server. Initial sightings were reported in late February 2026, when it was delivered via a browser-downloaded VBScript file to a financial organization. By early March, Malwarebytes noted a campaign distributing STX RAT through compromised FileZilla installers. Researchers from eSentire's Threat Response Unit analyzed the malware, which includes extensive anti-analysis measures and employs techniques such as AMSI ghosting. Once operational, STX RAT connects to a C2 server at 95.216.51.236 and transmits system information securely. It targets saved credentials from applications such as FileZilla and includes a Hidden Virtual Network Computing (HVNC) module, allowing attackers to control a victim's machine without detection. Security teams are advised to block the C2 IP and implement detection rules to mitigate the threat.
Winsage
April 16, 2026
Users have reported issues with Windows 11 update KB5083769, which has triggered BitLocker recovery key prompts, locking some users out of their PCs. Microsoft acknowledged that the problem mainly affects corporate devices with specific BitLocker Group Policy settings. The issue is limited to systems where BitLocker is enabled, certain Group Policy configurations are set, and the Secure Boot State PCR7 Binding is “Not Possible.” Affected users need to enter their BitLocker recovery key or contact IT support for assistance. Microsoft has also provided guidance for IT departments to perform a Known Issue Rollback to remove the problematic updates, though this may expose systems to vulnerabilities.
Winsage
April 16, 2026
Microsoft announced that certain Windows Server 2025 devices may experience a BitLocker recovery prompt after installing the April 2026 KB5082063 Windows security update. The recovery mode will be triggered under specific conditions: BitLocker must be enabled on the operating system drive, the Group Policy for TPM validation must be configured with PCR7, the Secure Boot State PCR7 Binding must indicate "Not Possible," the Windows UEFI CA 2023 certificate must be in the Secure Boot Signature Database, and the device must not be using the 2023-signed Windows Boot Manager. Microsoft stated that this issue is unlikely to affect personal devices, as the configurations are mainly found in enterprise-managed systems. They are working on a resolution and recommend administrators remove the Group Policy configuration before deploying the update. If removal is not possible, applying a Known Issue Rollback (KIR) is advised to prevent triggering the recovery prompt. Microsoft has previously addressed similar BitLocker recovery prompt issues in May 2025, August 2024, and August 2022.
Winsage
March 31, 2026
Fastfetch version 2.61 has been released, discontinuing support for Windows 7 and 8, with Windows 8.1 as the oldest supported version. The GPU module on Windows now uses DXCore for improved detection accuracy, available only on Windows 10 and later. In the Windows Subsystem for Linux (WSL), the GPU module has been optimized for speed but may have reduced accuracy due to the removal of directx-headers. On Linux, Fastfetch has transitioned to a pure C implementation, enhancing performance and simplifying the build process. New features include a brightness option for color display, detection of Bluetooth keyboards on Linux, display of empty memory slots, support for GlazeWM detection, identification of marketing product names on Asahi Linux, and recognition of M5-based Mac models on macOS. Improvements in hardware detection and system reporting have been made across all platforms, with enhanced SMBIOS data handling and reliability for Intel-based Macs. Stability improvements for terminating child processes on Windows have also been implemented. Critical fixes address missing memory device reporting, CPU cache deduplication issues, accurate window manager version reporting for niri, SSID decoding problems, and a Windows-specific issue affecting the command prompt code page.
Winsage
March 1, 2026
Microsoft has released enhancements to Windows 11 in build 26300.7877, including:
- Modern context menu improvements, showing application icons for specific file types when right-clicked.
- Updates to File Explorer with dark mode improvements for the Folder Options dialog.
- Changes to the Settings app for better clarity and usability.
- A redesigned "About" settings page focusing on key hardware specifications.
- Introduction of the Cross-Device Resume feature, allowing users to resume applications from Android devices on Windows 11.
- New customization options for the Narrator tool, enabling users to select which properties are read aloud.
- Windows Hello now supports external biometric fingerprint readers for enhanced security.
- Voice Typing updates allowing users to set a wait time before executing voice commands.
- Redesigned SCOOBE page for a streamlined setup process.
- Expansion of the AI agent in the Settings app to support additional languages.
- Quick Machine Recovery feature enabled by default on Windows 11 Pro editions.
- Camera support for pan and tilt settings accessible from device properties.
- A new network speed test feature available from the Taskbar.
- Improvements to the Widgets dashboard with a new settings page.
Additionally, changes from build 28020.1619 are related to version 26H1, designed for new ARM64 hardware expected in 2026, and the Canary Channel has been divided into two paths for different versions.
Tech Optimizer
February 16, 2026
OysterLoader, a sophisticated malware loader also known as Broomstick and CleanUp, has emerged as a significant threat since mid-2024. It is a multi-stage downloader linked to ransomware attacks and data theft, particularly associated with the Rhysida ransomware group. Written in C++, it infiltrates systems through malicious websites that impersonate legitimate software download platforms, tricking victims into executing a signed Microsoft Installer (MSI) that launches the malware. OysterLoader employs a four-stage infection chain designed to evade detection. The first stage uses a packer named TextShell to load hidden code into memory, creating an illusion of legitimacy through harmless Windows API calls. The second stage decompresses a concealed payload using a modified LZMA algorithm. The third stage functions as a downloader and environment tester, establishing contact with its command-and-control (C2) server via HTTPS. In the final stage, OysterLoader installs a malicious DLL that executes every 13 minutes through the Windows Task Scheduler, communicating with multiple hardcoded servers and transmitting critical system information. The malware uses customized Base64 encoding and variable communication endpoints to evade detection. Its primary objective is to ensure persistence and facilitate the delivery of additional payloads, including ransomware and credential stealers. Security analysts predict that OysterLoader will remain a formidable threat through 2026, particularly for organizations downloading administrative tools from unverified sources.
Indicators of Compromise (IOC):
- Mutex: h6p#dx!&fse?%AS!
- Task: COPYING3 (rundll32 DllRegisterServer)
- C2 Domain: grandideapay[.]com/api/v2/facade
- RC4 Key: vpjNm4FDCr82AtUfhe39EG5JLwuZszKPyTcXWVMHYnRgBkSQqxzBfb6m75HZV3UyRY8vPxDna4WC2KMAgJjQqukrFdELXeGNSws9SBFXnYJ6ExMyu97KCebD5mTwaUj42NPAvHdkGhVtczWgfrZ3sLyRZg4HuX97AnQtK8xvpLU2CWDhVq5PEfjTNz36wdFasecBrkGSDApf83d6NMyaJCsvcRBq9ZYKthjuw5S27EVzWrPHgkmUxFL4bQSgMa4F
- IP: 85.239.53.66
Winsage
February 11, 2026
Microsoft discontinued Windows Phone in 2017, a decision regretted by CEO Satya Nadella. Nex Computer is now taking pre-orders for the NexPhone, which aims to run Android, Linux, and Windows 11. The device features a custom Mobile UI designed for touch interactions, reminiscent of Windows Phone. When connected to an external display, it offers full Windows 11 capabilities but lacks cellular connectivity in Windows mode. The NexPhone is not intended to replace primary smartphones but serves as a secondary option with mid-range performance, powered by Qualcomm's DragonWing QCM6490 chip, 12GB of RAM, and 512GB of storage. It operates on Windows for Arm, which may present compatibility issues. While in Windows mode, cellular calling and SMS functions are unavailable, requiring users to switch to Android for those features. The device has a rugged design with military-grade build quality, a 120 Hz 6.58-inch display, a 64 MP main camera, and a 5,000 mAh battery, priced at 9.
Winsage
February 10, 2026
Open-source software provides flexibility and control for users, particularly on Windows. Notable applications include:
1. LibreOffice: A comprehensive office suite with a customizable interface, supports MS Office formats, and is free to download.
2. Flow Launcher: A file search and application launcher that enhances efficiency, customizable, and free to use.
3. Duplicati: A zero-trust backup solution with encryption and scheduling features, free for personal use.
4. Nextcloud: An open-source cloud service for file storage and collaboration, free to install on Windows.
5. Franz: Consolidates multiple messaging platforms into one interface, free to install and use.
6. YAZB: Allows users to create custom top bars for system information and quick access controls, enhancing the user experience.
7. File Converter: Simplifies file conversion and compression within the Windows file manager, available for free.
8. Bitwarden: A password management tool with a free version and additional paid features for collaboration.
9. AutoHotKey: Automates tasks on Windows through scripting, free to install and use.
10. Ollama: An open-source AI interaction tool that prioritizes privacy, free to use on Windows.
Winsage
January 31, 2026
The PowerToys team at Microsoft is developing a new feature that introduces a menu bar for the Windows desktop, providing glanceable system information and music controls. This dock can be pinned to any edge of the screen and allows users to pin existing PowerToys extensions without code modifications. It can be enabled from Command Palette settings and aims to enhance quick awareness of system metrics like RAM usage and CPU temperatures. User feedback is encouraged to shape its development, and developers can test this feature in a dedicated branch, although it is not yet part of the main PowerToys release.