traffic

Tech Optimizer
February 11, 2026
Cybersecurity researchers have identified a malware campaign that exploited Hugging Face's AI infrastructure to distribute Android banking trojans. The attackers used a deceptive app called TrustBastion, which tricked users into installing what appeared to be legitimate security software. Upon installation, the app redirected users to an encrypted endpoint that linked to Hugging Face repositories, allowing the malware to evade traditional security measures. The campaign generated new malware variants every 15 minutes, resulting in over 6,000 commits in about 29 days. It infected thousands of victims globally, particularly in regions with high smartphone banking usage but lower mobile security awareness. The operation is believed to be linked to an established cybercriminal group. Security experts warn that this incident highlights vulnerabilities in trusted platforms and calls for improved security measures, including behavioral analysis systems and verification of application authenticity. The incident has also sparked discussions about the need for enhanced security protocols for AI platforms.
Tech Optimizer
February 10, 2026
GuLoader, also known as CloudEye, is a downloader malware that has been active since late 2019, primarily used to fetch and install secondary malware like Remote Access Trojans (RATs) and information stealers. It employs legitimate cloud services such as Google Drive and Microsoft OneDrive to host its malicious payloads, allowing it to evade detection by security tools. GuLoader utilizes advanced techniques including polymorphic code, which alters its appearance to avoid static detection signatures, and exception-based control flow to confuse analysis tools. Over the years, GuLoader has refined its tactics, including the use of software breakpoints and various exception types to redirect its operations. It also employs dynamic XOR encryption to obfuscate internal data, making it difficult for analysts to extract URLs. The malware's continuous evolution poses ongoing challenges for security researchers. Indicators of Compromise (IOCs) include specific hash values for different versions of GuLoader from 2022 to 2024.
AppWizard
February 10, 2026
Russia's internet regulatory body, Roskomnadzor, is throttling Telegram for alleged national law violations, part of a broader strategy to promote a controlled domestic online service. The Russian government threatens internet platforms with slowdowns or bans for non-compliance with laws that require Russian user data to be stored domestically and prevent use for "criminal and terrorist purposes." Critics view these regulations as a means for increased state control and surveillance. Roskomnadzor plans to introduce phased restrictions on Telegram, which is widely used in Russia. Moscow is promoting a state-backed competitor, Max, that offers additional services. Users experienced slow traffic on Telegram following the announcement. Pavel Durov, Telegram's founder, has faced tension with Russian authorities and legal troubles in France related to allegations against Telegram, although travel restrictions were lifted in July 2025.
AppWizard
January 31, 2026
Google has dismantled the IPIDEA residential proxy network, which had exploited millions of devices for cybercrime. This operation resulted in the liberation of approximately nine million Android devices and the removal of hundreds of compromised applications. IPIDEA's infrastructure was integrated into various software development kits (SDKs), allowing it to covertly enlist devices into its proxy pool. Google updated its Play Protect system to identify and eliminate affected applications and collaborated with partners to disrupt the network's underlying systems. The efforts led to a significant decrease in hijacked devices available for exploitation.
Tech Optimizer
January 30, 2026
NordVPN successfully blocked 92% of phishing websites in an evaluation by AV-Comparatives, highlighting the effectiveness of its anti-malware tool, Threat Protection Pro. The assessment, conducted from January 7 to January 19, 2026, analyzed 250 phishing URLs, with NordVPN's Threat Protection Pro ranking fourth among tested products. The tool is designed to protect users from various online threats and operates at the network level, scanning traffic directly on the user's device. Threat Protection Pro is available to higher-tier subscribers on the Plus, Complete, and Ultra plans, and is compatible with Windows and macOS. Despite slipping from previous podium finishes, Threat Protection Pro has consistently ranked high in evaluations and was the first VPN service to receive AV-Comparatives' approval for anti-phishing protection in 2024. It also received accolades from AV-TEST and West Coast Labs for its phishing detection capabilities.
Winsage
January 30, 2026
Microsoft has enhanced the management of Remote Desktop Protocol (RDP) Shortpath, now available through Group Policy Objects (GPO) and Microsoft Intune, allowing IT teams to implement centralized control over RDP Shortpath behavior across Azure Virtual Desktop (AVD) session hosts and Windows 365 Cloud PCs. RDP Shortpath improves performance and reliability by establishing a direct, UDP-based network connection, reducing latency and enhancing responsiveness for audio and video applications. Prior to this update, managing RDP Shortpath was fragmented, requiring manual adjustments on individual session hosts, which complicated consistent networking behavior. The new centralized configuration allows administrators to enforce Shortpath settings uniformly, reducing administrative overhead and ensuring consistent performance and security controls. Administrators can manage RDP Shortpath settings centrally, control all Shortpath modes, and ensure compatibility with AVD host pool settings. Effective operation of RDP Shortpath requires appropriate network conditions, and policy changes necessitate a restart of session hosts or Cloud PCs.
Tech Optimizer
January 29, 2026
A supply chain breach has affected MicroWorld Technologies' eScan antivirus product, allowing malicious actors to use the vendor's update infrastructure to spread malware. Discovered on January 20, 2026, by Morphisec, the attack involved a trojanized update package that deployed multi-stage malware on enterprise and consumer endpoints globally. The initial compromise occurred through a malicious update replacing the legitimate Reload.exe binary, which was digitally signed with a valid eScan certificate. This led to the execution of a downloader (CONSCTLX.exe) and further malware stages that evaded defenses and disabled security features. The malware obstructs automatic updates by altering system configurations, including the hosts file and registry keys. Indicators of compromise include specific file names and SHA-256 hashes for the trojanized update and downloader. Network administrators are advised to block traffic to identified command and control domains and IPs. Affected organizations should verify their systems for signs of compromise and contact MicroWorld Technologies for a manual patch.
Tech Optimizer
January 29, 2026
Standard support for Amazon Aurora PostgreSQL-Compatible Edition and Amazon RDS for PostgreSQL version 13 will end on February 28, 2026. PostgreSQL 13 will be deprecated by the community in November 2025, ceasing to receive bug fixes or security patches. AWS recommends upgrading to newer versions, such as 16 or 17, which offer significant performance enhancements and improved security. PostgreSQL 17 can achieve up to twice the write throughput and consumes 20 times less memory during vacuum operations. Version 16 introduces pg_stat_io for detailed I/O statistics, while version 14 includes a vacuum emergency mode. Aurora-specific enhancements in version 14.9 and later can lead to faster query latency and reduced costs. Version 14 introduces new roles for access control, and version 15 revokes certain permissions. Major upgrades in logical replication include automatic slot synchronization in version 17 and support for parallel apply in version 16. Transitioning between major versions requires careful examination of catalog changes, as some views and configuration parameters will evolve. Extensions must be verified, as most do not auto-upgrade. An in-place major version upgrade can be performed via the AWS Console or CLI, with downtime varying based on database size. AWS recommends snapshot-based testing beforehand. The CLI command can check valid upgrade targets, leading from version 13 to 14, 15, 16, or 17. Preparation involves validating instance classes and dropping replication slots. Amazon RDS Blue/Green deployments allow for near-zero downtime by synchronizing production with a staging environment, enabling application testing before traffic switching. This feature is supported from Aurora PostgreSQL version 13.12 onward. Logical replication through pglogical offers flexibility for minimal downtime, while AWS DMS supports homogeneous migration with Change Data Capture. Extended Support is available for a fee, providing up to three years of security patches. 
Best practices include replicating production environments in staging, conducting load tests, and validating queries against new catalogs. Recent minor releases, including Aurora PostgreSQL 17.6 and 16.10, showcase ongoing improvements. Engaging AWS Support is advisable for complex setups to ensure seamless transitions before the deadline.
Tech Optimizer
January 28, 2026
Standard support for PostgreSQL version 13 will end on February 28, 2026. Upgrading to newer PostgreSQL versions can enhance database performance and introduce new features. Notable enhancements in recent versions include:

- Vacuum emergency mode (v14+) to manage old row versions.
- Improved I/O performance (v17) with better write throughput.
- Enhanced query optimization (v17+) for IN clauses and parallel BRIN index builds.
- Memory efficiency improvements (v17) reducing vacuum memory usage.
- Advanced monitoring features like pg_stat_io (v16+) and pg_wait_events (v17+).
- Logical replication improvements such as failover support and slot migration (v17+).
- Developer experience enhancements including JSONB subscripting (v14+) and SQL/JSON JSON_TABLE (v17+).
- Security enhancements with new roles for access control (v14+) and maintenance tasks (v17+).

For Amazon Aurora PostgreSQL-Compatible, upgrading to versions v14.9+, v15.4+, v16.1+, and higher can yield performance optimizations, including faster query latency and cost savings. Changes in system catalog views and configuration parameters have occurred in PostgreSQL versions 14 to 17, impacting application compatibility. Upgrade strategies include in-place upgrades, blue/green deployments, logical replication, and using AWS Database Migration Service (AWS DMS). If an immediate upgrade is not possible, Amazon RDS Extended Support offers up to three years of continued security patches and bug fixes beyond the standard support end date.