TLS Archives

AppWizard

January 16, 2026

Your Android App Needs Scanning – Best Android App Vulnerability Scanner in 2026

The past year saw a 45% increase in new vulnerabilities targeting Android. By the end of 2024, there are projected to be 2.87 million apps on Google Play, with 66% of American employees using personal smartphones for work. Mobile applications are responsible for 70% of digital interactions, and vulnerabilities in these apps contributed to approximately 40% of data breaches involving personal data in 2023. Effective Android App Vulnerability Scanners analyze app security by identifying insecure local storage, hardcoded credentials, weak cryptography, insecure network configurations, broken authentication flows, and misconfigured components. AI-powered scanners, like AutoSecT, can autonomously generate new scanning protocols quickly, detect zero-day vulnerabilities, automate penetration testing, and operate with near-zero false positives.

Winsage

January 6, 2026

These 3 Windows file managers made me ditch File Explorer

The text discusses three free file managers that enhance file management capabilities for Windows users: 1. Total Commander: - Dual windows with drag-and-drop support - Side panels for navigation - Built-in tools for batch renaming and archiving - FTP client integration - Favorites for quick access - Comprehensive file operations (copy, move, delete, rename) - File comparison with a built-in text editor - Folder synchronization - Encoding and decoding options - Full-text and duplicate file search - Customizable layout and toolbar - Background downloading support - Secure FTP over SSL/TLS 2. OneCommander: - Custom rendering and DirectX support - Session-saving tabs - Dual-pane view - Choice between Miller-Columns navigation and standard layout - Dark and light themes - User-editable icons - Built-in file preview capabilities - Support for long Unicode paths - Organized favorites into project groups - Quick filtering options - Adaptive view and dynamic columns - File Automator for advanced renaming and conversion 3. FileVoyager: - Dual-pane interface - Multiple browsing modes (report and thumbnail) - Comprehensive file operations - Support for numerous compression formats - Multimedia playback for audio and video - Folder synchronization and file comparison tools - Quick preview for any file format - Support for viewing ebooks and comic book files - Syntax highlighting for source code - Display files in flat or hexadecimal format All three file managers are available for free, with OneCommander offering a Pro version for additional features.

Winsage

December 19, 2025

Microsoft Phases Out RC4 Encryption by 2026 to Bolster Windows Security

Microsoft has announced the phased discontinuation of the RC4 encryption cipher, with full implementation expected by mid-2026. RC4, created in 1987, has been increasingly recognized as a vulnerability, exploited in various high-profile cyberattacks. Microsoft plans to disable RC4 by default in Windows Kerberos authentication, encouraging organizations to transition to more secure alternatives like AES-256. This decision follows years of warnings from the cybersecurity community and aims to eliminate long-standing cryptographic weaknesses. The transition will require organizations to audit and upgrade their infrastructures, as many legacy applications still depend on RC4. Disabling RC4 is expected to reduce the success rates of attacks exploiting weak encryption. Microsoft has introduced tools to help administrators identify hidden RC4 usage. The change reflects a commitment to zero-trust architectures and aligns with recommendations from organizations like NIST. Experts recommend a multi-step approach for organizations to navigate this transition effectively.

AppWizard

November 14, 2025

Malicious Android Photo Frame App Gives Hackers Full Device Control Without User Action

A security assessment has revealed that digital photo frames using Uhale technology are vulnerable to a new class of malicious Android applications that can take control of devices without user interaction. The pre-installed Uhale app can silently download and execute malware during device booting or software updates due to insecure connections and improper certificate verification. Attackers can intercept network traffic to execute remote code with a critical CVSS score of 9.4, allowing access to private photos and the potential to create botnets. Many affected devices run outdated Android versions (6.0/6.0.1) with SELinux disabled and rooted by default, facilitating privilege escalation and persistent malware installation. Additionally, the Uhale app's unsecured local network file transfer feature allows attackers on the same network to send malicious files or delete files without user consent. Researchers emphasize the need for improved software security in consumer electronics, urging manufacturers to adopt modern Android builds and enforce security protocols. Users are advised to disconnect or update their devices to mitigate risks.

AppWizard

November 14, 2025

Android Photo Frame App Infects Devices With Malware, Allows Full Remote Takeover

A recent investigation revealed significant security vulnerabilities in Android-powered digital photo frames, particularly those using the Uhale app (version 4.2.0). These vulnerabilities allow preinstalled applications to autonomously download and execute malware, granting remote attackers complete control of the device without user interaction. The malware is sourced from infrastructure linked to China, with domains like dc168888888.com and webtencent.com distributing malicious content. Many antivirus applications inadequately detect these threats. The Uhale app has high-risk vulnerabilities, including insecure HTTPS trust management and insufficient input validation, enabling remote code execution with root access. Brands associated with Uhale include BIGASUO, Canupdog, Euphro, and others. Exploits can lead to data exfiltration, access to private photos, and further attacks within home and enterprise environments. Technical oversights include outdated Android 6 firmware, disabled SELinux, weak cryptographic protections, and lack of authentication for incoming file transfers. Compromised frames can serve as surveillance tools or points for data exfiltration, posing risks to both home and enterprise networks. Users are advised to disconnect affected frames and monitor for unusual behavior.

Winsage

November 5, 2025

Curly COMrades abuse Hyper-V for covert malware operations in VMs

Bitdefender researchers have identified advanced techniques used by the Curly COMrades threat actor, believed to have Russian backing, to exploit Microsoft’s Hyper-V virtualization platform. This group activates Hyper-V on compromised systems to deploy a lightweight virtual machine (VM) running Alpine Linux, which hosts malware tools CurlyShell and CurlCat. The operation began in early July with commands that activated Hyper-V and prepared the environment for the VM, using deceptive file names to avoid detection. The Alpine Linux VM is customized for each victim, allowing the attackers to maintain a low profile while facilitating reverse shell and proxy activities. The VM routes traffic through the host's network, masking communications as originating from the legitimate host IP. CurlyShell acts as a persistent reverse shell, while CurlCat manages SSH traffic tunneling, utilizing a private key for authentication. The attackers also employ various proxy and tunneling tools and utilize PowerShell scripts for tasks such as injecting Kerberos tickets into LSASS for lateral movement and creating local accounts to ensure ongoing access. Their command and control infrastructure involves compromised servers that relay traffic between infected hosts and the attackers' servers, with measures taken to limit forensic evidence. To detect and mitigate these threats, Bitdefender emphasizes the need for host-based network inspection and hardening, as well as monitoring for abnormal access to the LSASS process and suspicious Kerberos ticket activities. The findings indicate a shift in threat actor tactics towards using virtualization for stealth and persistence, highlighting the need for layered security measures.

AppWizard

October 25, 2025

OWASP Mobile Top 10 for Android – How AutoSecT Detects Each Risk?

Mobile applications account for 70% of global interactions, with over 6.8 billion smartphone users. In 2023, 40% of data breaches are linked to vulnerabilities in mobile applications. The OWASP Mobile Top 10 outlines critical security risks for mobile apps, including: 1. Improper Credential Usage: Mishandling of passwords and session tokens. 2. Inadequate Supply Chain Security: Risks from unverified third-party components. 3. Insecure Authentication/Authorization: Failures in verifying user identities. 4. Insufficient Input/Output Validation: Lack of checks on incoming and outgoing data. 5. Insecure Communication: Unprotected data during transmission. 6. Inadequate Privacy Controls: Poor safeguards for personal data. 7. Insufficient Binary Protections: Lack of defenses against reverse engineering. 8. Security Misconfiguration: Improperly secured application settings. 9. Insecure Data Storage: Weak protection of sensitive information on devices. 10. Insufficient Cryptography: Use of weak or improperly implemented encryption. AutoSecT, an AI-driven mobile app security testing platform, detects these risks through various methods, including static code analysis, software composition analysis, and dynamic testing. It helps developers identify and mitigate vulnerabilities effectively.

Winsage

October 23, 2025

Russian hackers replace malware with new tools, Windows updates cause login issues, campaign targets high-profile servers

Mark your calendars for this Friday's Super Cyber Friday, featuring the session titled "Hacking the Death of EDR." Russian state-sponsored hacking group Coldriver has introduced three new malware strains: NOROBOT, YESROBOT, and MAYBEROBOT, following the exposure of their previous tool, LostKeys. The new malware is designed to evade detection and extract sensitive data from high-value targets. Microsoft has acknowledged that Windows updates released since August 29th are causing login failures on systems with duplicate Security Identifiers (SIDs), leading to authentication failures. Microsoft recommends rebuilding affected systems or contacting support for a temporary fix. Kaspersky researchers have identified a likely Chinese-speaking threat actor behind the “PassiveNeuron” campaign, targeting government, financial, and industrial servers across Asia, Africa, and Latin America since 2024, using custom implants and Cobalt Strike. CISA has added high-severity vulnerabilities in Oracle E-Business Suite, Microsoft Windows SMB Client, Kentico Xperience CMS, and Apple JavaScriptCore to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by November 10th. Researchers from France's CEA and Soitec have unveiled a new chip architecture called Fully Depleted Silicon-on-Insulator, designed to defend against laser fault injection attacks on automotive microcontrollers. During Pwn2Own Ireland 2025, researchers exploited 34 zero-days across various devices, earning a total of 2,500 in rewards, with Team DDOS chaining eight zero-days to compromise a QNAP router and NAS. Koi Security researchers discovered a new self-propagating malware named GlassWorm, which has infected approximately 36,000 developer systems by exploiting Visual Studio Code extensions, pilfering credentials, and installing remote access tools. PolarEdge is a botnet malware targeting Cisco, ASUS, QNAP, and Synology routers, first detected in February, which installs a TLS-based backdoor to fingerprint hosts and execute tasks while employing anti-analysis techniques.

Tech Optimizer

October 10, 2025

From infostealer to full RAT: dissecting the PureRAT attack chain

An investigation revealed that a Python-based infostealer campaign led to the deployment of PureRAT, a sophisticated remote access trojan (RAT). The campaign began with a phishing email containing a ZIP archive that included a legitimate PDF reader executable and a malicious DLL. The DLL executed a series of payloads, including a Python info-stealer that harvested sensitive data and exfiltrated it via the Telegram API. The attack progressed to a .NET executable, which employed techniques like process hollowing and evasion tactics to load additional payloads. The final payload, Mhgljosy.dll, was identified as PureRAT, which established an encrypted command-and-control (C2) channel and allowed for extensive control over the compromised host. The C2 server was traced to Vietnam, suggesting a connection to the PXA group. The malware's functionality included host fingerprinting, command execution, and potential access to sensitive information and resources. Indicators of compromise included specific file hashes, registry keys, and IP addresses associated with the C2 server.

AppWizard

October 1, 2025

Minecraft Java Edition 1.21.9

The Minecraft Server Management Protocol has introduced a server management API using JSON-RPC over WebSocket for dedicated servers, which is initially disabled and can be activated via the server.properties file. The API allows querying and updating server states, including player information and game rules, and sends notifications about state changes. An API schema can be obtained through a specific method call, and the API adheres to JSON-RPC 2.0 specifications with namespaced methods. Clients must authenticate using a bearer token, and TLS is enabled by default for secure communication. Unsent chat messages are now saved as Chat Drafts if the chat closes unexpectedly, with an option to save drafts by default. A Code of Conduct screen is now mandatory upon connecting to a server, with a new boolean field in the server.properties file to enable it. Accessibility features include toggleable key binds and options for mouse settings, while performance improvements have been made to rendering and loading mechanics.