two-factor authentication Archives

AppWizard

June 21, 2026

5 apps you should use instead of Google Password Manager

Google Password Manager is easy to set up but can be restrictive in sharing vaults, exporting data, and transitioning to different platforms, leading users to seek third-party password managers for better flexibility and control. A recent poll indicated the reasons users consider alternatives: 34% for more privacy and security, 22% for better cross-platform support, 18% for more control over data, 6% for advanced features, 3% for better sharing options, and 17% would not switch. Bitwarden is recommended for its open-source nature, independent audits, and a free tier with no limits on devices or passwords. The premium plan is priced attractively, and a family plan is available. 1Password offers a polished interface and features like a Watchtower tool and Travel Mode, with a 14-day trial available before an annual subscription. Proton Pass is known for its privacy reputation, has a generous free tier, and offers a Pass Plus plan with additional features. NordPass provides an intuitive experience with a straightforward migration process, but its free tier is limited to one active device, while the premium plan is competitively priced. KeePassXC is a free and open-source tool that allows local storage of encrypted vaults, prioritizing data sovereignty and security, though its complexity may deter casual users.

Tech Optimizer

June 21, 2026

Is Free Antivirus Safe in 2026? What Most Free Antivirus Apps Don’t Tell You

Some free antivirus software provides legitimate protection against malware, viruses, ransomware, trojans, and suspicious downloads, but not all are equal. Free antivirus programs often generate revenue through premium upgrades, advertising, partner promotions, data collection, or bundled software offers. Users may face upselling tactics, including pop-up notifications and upgrade prompts, which can create confusion between marketing messages and actual security threats. Many free antivirus apps collect data on websites visited, download activity, device information, and security events, raising privacy concerns. Devices often come with built-in antivirus protection, such as Microsoft Defender for Windows and XProtect for Mac, while smartphones have multiple layers of security. In 2026, the biggest cybersecurity risks are phishing attacks, fake websites, investment scams, account takeovers, social engineering attacks, and credential theft, rather than malware. Free antivirus software can create a false sense of security, leading users to believe they are safe from cyber threats. A reputable free antivirus may suffice for users who browse responsibly and maintain good online habits, while paid antivirus may be worth it for additional services like identity theft monitoring and VPNs. Not all free antivirus products offer the same level of protection, so users should choose reputable providers and scrutinize privacy policies.

Tech Optimizer

June 18, 2026

Retro gaming fans are the new target for fake GitHub malware

Retro gaming enthusiasts should be cautious when exploring GitHub projects for tools or plugins, as cybercriminals may disguise malware as homebrew software. A specific incident involved a project called EQVita, which pretended to be a free audio tool for PlayStation Vita but actually contained Windows malware. The downloaded file included three files: Launch.bat, luajit.exe, and x64.txt, with the latter concealing a hidden script that connected to the attacker's server upon execution. This scam is part of a broader trend where counterfeit GitHub repositories distribute SmartLoader malware, which retrieves additional malicious software aimed at stealing passwords and cryptocurrency wallets. The PS Vita community, despite the console's production ceasing, remains active in modding, making it a target for attackers. Legitimate plugins typically come in Vita-compatible formats, while fake ones may feature polished marketing materials and AI-generated descriptions. Users are advised to verify sources, be cautious of suspicious downloads, and utilize security tools like Malwarebytes. If someone has executed the malicious EQVitav1.3.zip file, they should conduct a malware scan, change important passwords, and monitor accounts for unauthorized access. Indicators of compromise include the domains https://github.com/Voistace/EQVita and https://voistace.github.io, and the IP address 85.137.52.21.

Tech Optimizer

June 15, 2026

How to safely stay online while travelling

Traveling exposes individuals to potential cyber threats and scams. To enhance online security during travels, consider the following strategies: - Avoid using public Wi-Fi networks to protect sensitive information; instead, use mobile data or a global eSIM. - Use a Virtual Private Network (VPN) to conceal your IP address while browsing, but be aware of potential access restrictions on some websites. - Invest in a robust antivirus suite for all devices, including laptops and mobile phones. - Secure devices with login passwords and consider adding a password to your SIM card. - Enable two-factor authentication (2FA) for added security on accounts. - Research local scams and cybersecurity threats specific to your destination before traveling. - Keep apps and phone firmware updated to ensure the latest security enhancements.

Winsage

June 12, 2026

Hackers Use Fake Windows Update Installers to Deliver OnyxC2 Credential Stealer

OnyxC2 is a sophisticated credential stealer available for a subscription fee of 0 per month, distributed through disguised lures such as fake Windows updates and legitimate software installers. It functions as a commercial product with features like an automated payload builder, tiered licensing, and a centralized web dashboard. The malware boasts a 99% detection-evasion rate, successfully evading major antivirus solutions during tests. It is developed in C++, utilizing direct system calls and mutating with each build to avoid detection. OnyxC2 collects data from around 210 applications, targeting 45 web browsers, password managers, cryptocurrency wallets, and FTP clients. The malware is delivered using DLL sideloading, where a password-protected archive contains a legitimate application and a malicious DLL. The attacker's DLL is disguised by inflating its size and is loaded by a trusted binary. The malicious code remains encrypted on disk and decrypts in memory to evade analysis. OnyxC2 communicates with a Cloudflare-fronted command-and-control server to manage infected hosts and execute commands like hardware registration and cookie uploads. The threat extends to business environments, targeting FTP and email clients, with stolen session cookies allowing ongoing access to corporate infrastructure. Implementing anti-data exfiltration controls is recommended as a mitigation strategy.

Tech Optimizer

June 12, 2026

NordVPN’s next-gen antivirus aces independent testing with a 96% phishing block rate

NordVPN's next-generation antivirus blocked 96% of phishing sites in the 2026 Anti-Phishing Comparative Test by AV-Comparatives, improving by 6% from May 2025. The test involved 275 active phishing URLs targeting personal data across various platforms. NordVPN was the first VPN provider to receive the AV-Comparatives anti-phishing protection badge in June 2024, requiring detection and blocking of at least 85% of phishing URLs without false alarms. Users are advised to verify URLs, read messages carefully, enable two-factor authentication, and check for secure HTTPS connections to avoid phishing attempts.

Winsage

June 10, 2026

Windows 11’s June update shuts down an intentional BitLocker backdoor with full file access

Microsoft addressed three zero-day vulnerabilities identified by security researcher Nightmare-Eclipse, named YellowKey, GreenPlasma, and MiniPlasma. The YellowKey vulnerability allows access to BitLocker-protected drives on Windows 11 using a USB key, leading to allegations that Microsoft may have left a backdoor in BitLocker. Microsoft implemented a mitigation strategy included in the June 2026 Patch Tuesday updates, which addressed over 200 security flaws. Tensions arose between Microsoft and Nightmare-Eclipse regarding vulnerability reporting protocols and researcher compensation, with Microsoft initially threatening legal action against the researcher. Following backlash, Microsoft retracted the threat but tensions persisted. Nightmare-Eclipse claimed retaliation from Microsoft, including the banning of their GitHub account and deletion of their Microsoft account, which Microsoft denied. The situation highlights the ongoing challenges in cybersecurity and the relationship between tech companies and security researchers.

Winsage

June 5, 2026

Microsoft Edge won’t let you access its password manager without Windows Hello

Microsoft Edge has removed the use of master passwords for its password manager on Windows, transitioning to Windows Hello for authentication in version 145 of the browser. This update prioritizes security by allowing access through biometric options or a PIN, rather than traditional passwords. The rollout of this update began on June 4, 2026.

BetaBeacon

June 3, 2026

Fake GTA 6, real malware: the new scam targeting Windows and Android

Attackers create fake GTA 6 beta scams that install trojans on machines, stealing credentials and mining cryptocurrency. Gamers' anticipation for highly anticipated games makes them vulnerable to these scams. NordVPN's antivirus can intercept these files and protect users from phishing sites impersonating gaming platforms. NordVPN's Premium plan includes VPN and antivirus for .85/month. NordVPN's antivirus works well on Windows and macOS, but is limited on mobile versions. The plan comes with a 30-day money-back guarantee.

Winsage

June 2, 2026

New PHANTOMPULSE RAT Campaign Uses UAC Bypass in Windows Attacks

The REF6598 intrusion set has revealed a Remote Access Trojan (RAT) named PHANTOMPULSE, which is distributed via malicious Obsidian plugins. It uses advanced evasion techniques, including a blockchain-based command and control (C2) channel and a public User Account Control (UAC) bypass to infiltrate Windows systems. The malware disables security measures like the Antimalware Scan Interface (AMSI) and Windows Lockdown Policy (WLDP) through a hardware-breakpoint technique, allowing it to avoid detection by signature-based memory scanners. PHANTOMPULSE hides its core files in encrypted registry blobs and creates scheduled tasks that appear as .NET Framework updates. Its decentralized C2 framework queries public blockchains for operational data, but it lacks sender authentication, which can be exploited by defenders. The malware inventories the system for antivirus software and targets high-value applications. It employs a UAC bypass technique called “schuac” to gain elevated permissions. Analysts attribute this campaign to DPRK-aligned threat actors, particularly the BlueNoroff group, due to its focus on cryptocurrency wallets and blockchain exploitation. Defenders can identify new infrastructure by searching blockchain ledgers for a specific hex signature associated with the malware's C2 encryption routine.