threat

Winsage
March 2, 2026
Microsoft Threat Intelligence has identified a trend in which attackers distribute counterfeit gaming tools that install a remote access trojan (RAT) on users' systems. These trojanized executables, such as Xeno.exe or RobloxPlayerBeta.exe, are shared through browsers and chat platforms. The initial executable acts as a downloader: it installs a portable Java runtime environment and launches a malicious Java archive, jd-gui.jar. The attackers run commands through PowerShell and abuse trusted, built-in Windows binaries to reduce the chance of detection. The embedded PowerShell script connects to remote locations, downloads an executable as update.exe, and runs it. The malware then erases evidence of the downloader and modifies Microsoft Defender settings so that the RAT components can operate undetected. It establishes persistence through scheduled tasks and a startup script named world.vbs, giving the attacker prolonged access to the compromised device. Microsoft Defender can detect the malware and its behaviors; organizations are advised to monitor outbound traffic and block the identified domains and IP addresses. Users are encouraged to review Microsoft Defender exclusions and scheduled tasks for irregularities and to remain cautious about downloading tools from unofficial sources.
Winsage
March 2, 2026
The migration from NTLM to Kerberos authentication is essential for improving security in Windows systems, but it faces challenges such as legacy systems and hardcoded authentication. Organizations must identify NTLM usage, conduct testing with NTLM disabled, and make necessary adjustments or upgrades to migrate successfully. Ongoing monitoring is crucial post-migration to prevent NTLM from re-entering the network. NTLM is associated with significant security vulnerabilities and has been exploited by various threat groups, making its elimination a priority for organizations despite potential hesitations to invest in the migration process. Transitioning to Kerberos is seen as a strategic security investment.
Tech Optimizer
March 1, 2026
Users are increasingly focused on the effectiveness of their security software alongside the number of streaming services they use. Leading VPN providers are responding by offering comprehensive packages that combine VPN capabilities with antivirus features. Surfshark has introduced Surfshark One, which integrates its VPN service with proprietary antivirus software. This solution is designed to provide a comprehensive cybersecurity experience within a single application. To access the antivirus feature, users must subscribe to the Surfshark One plan, which offers quick and full scans, customizable scanning options, and scheduled scans. Detected threats are quarantined and deleted after 60 days. The antivirus includes Cloud Protect for continuous defense against malware, updating its database every three hours, and provides 24/7 malware protection. Surfshark One also includes additional tools such as Alternative ID for safeguarding user information, Surfshark Alert for notifications about compromised sensitive information, and Surfshark Search for ad-free browsing. Surfshark's VPN offers access to over 4,500 servers and supports unlimited devices. Surfshark One differs from other VPN packages by providing essential tools for post-compromise care and customizable security settings. Competitors like ExpressVPN and NordVPN offer tiered pricing structures with advanced security features in higher-tier plans. To acquire Surfshark One, users can visit the Surfshark website and choose from various subscription plans. The cost difference between the Surfshark Starter plan and Surfshark One is minimal, with Surfshark One starting at .49 per month. Surfshark One+ includes additional features like personal data removal and identity theft coverage. Only a few providers currently offer both VPN and antivirus capabilities, including Surfshark, Private Internet Access, and CyberGhost.
Winsage
March 1, 2026
Cybercriminals are exploiting a legacy feature in Windows File Explorer, specifically the WebDAV protocol, to distribute malware and bypass traditional security measures. Despite Microsoft deprecating native WebDAV support in November 2023, it remains active on many systems. Attackers use WebDAV to deceive victims into executing malicious payloads by sending links that connect File Explorer directly to remote servers, avoiding web browsers and their security warnings. They employ methods such as direct linking, URL shortcut files, and LNK shortcut files to deliver exploits. The primary objective of these campaigns, which surged in late 2024, is to deploy Remote Access Trojans (RATs), with 87% of Active Threat Reports involving multiple RATs like XWorm RAT, Async RAT, and DcRAT. These campaigns predominantly target corporate networks in Europe, with many phishing emails written in German and English. Attackers use short-lived WebDAV servers hosted on Cloudflare Tunnel demo accounts to obscure their infrastructure. Security analysts are advised to monitor unusual network activity from Windows Explorer and educate users to verify addresses in File Explorer.
Tech Optimizer
February 26, 2026
Avast Antivirus has introduced advanced AI tools, enhanced browser protection, and new privacy features in the U.S. market. It offers real-time malware protection, phishing shields, and Wi-Fi scanning. Avast's product lineup includes a free version, a premium security plan, and Avast One, catering to different user needs. Independent lab tests show Avast ranks highly in malware blocking, competing with brands like Bitdefender and Kaspersky. However, users should be cautious of upselling practices and data collection concerns. The free version provides strong protection, while paid plans offer additional features like VPN and advanced ransomware protection. Avast is accessible on various platforms, and pricing fluctuates due to promotions. Users are advised to assess their needs and be mindful of renewal rates before subscribing.
Winsage
February 26, 2026
Microsoft has confirmed that if an older printer is currently functioning within the Windows ecosystem, it will continue to do so for the foreseeable future. The company clarified that it has not ended support for legacy printer drivers, despite earlier indications that V3 and V4 drivers would no longer be supported starting in January. However, as of January 15, 2026, new legacy drivers will be approved on a case-by-case basis for Windows Update.
AppWizard
February 25, 2026
A YouTuber named stan616 spent nearly 80 days recreating Marineford from One Piece in Minecraft's Hardcore mode, using over 1,187,773 blocks. Unlike Creative mode, Hardcore mode requires players to mine, harvest, and craft every block, facing threats from aggressive mobs that can lead to complete loss of progress upon death. To aid his project, stan616 used schematics to design blueprints in Creative mode, which were then exported into Hardcore mode. He documented his journey in a 90-minute video, highlighting the risks and challenges he encountered. The completed build is available for purchase on his Patreon for .00.