virtual machine Archives

BetaBeacon

May 5, 2026

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

ScarCruft compromised a video game platform in a supply chain attack, trojanizing its components with a backdoor called BirdCall to target ethnic Koreans residing in China. The attack enabled the threat actors to target both Windows and Android devices, turning it into a multi-platform threat. The campaign targeted sqgame[.]net, a gaming platform used by ethnic Koreans in China, known as a transit point for North Korean defectors. BirdCall has features like screenshot capture, keystroke logging, and data gathering, and relies on legitimate cloud services for command-and-control. The Android variant collects various data and has seen active development.

Winsage

May 3, 2026

Hate AI in Windows 11? Nuke it with this tool Microsoft probably doesn’t want you to know about

Microsoft has integrated artificial intelligence into Windows 11 with features like Copilot and Windows Recall, but user reception has been mixed due to security and privacy concerns. Users can disable or uninstall certain features, leading to a demand for a more streamlined operating system. NTLite, a Windows customization tool, allows users to enhance their control over Windows 11, offering faster multi-threaded extraction and the ability to remove AI tools from Windows 11 25H2 images, thus simplifying the user experience and reducing installation sizes. NTLite supports various Windows Image files and live editing, enabling modifications without a complete reinstall. It includes an AI Component Management option for greater control over AI features. While some components are critical and cannot be safely removed, users are advised to test ISO files in a virtual machine and create restore points before making significant changes.

Winsage

April 28, 2026

I investigated Windows 11’s massive 5GB monthly .msu updates. AI is only part of the problem.

Windows 11 updates have significantly increased in size, with monthly cumulative updates often exceeding 4GB and some approaching 5GB. One update can expand to nearly 9GB when extracted. Microsoft has shifted to delivering Latest Cumulative Updates (LCUs), which include all previous fixes, leading to larger update sizes over time. The introduction of Checkpoint Cumulative Updates aims to reduce this growth by establishing periodic baselines, but the effectiveness has been mixed. The May 2025 cumulative update saw a size increase from approximately 6.5GB to nearly 9GB, with new MSIX files related to semantic search and on-device AI contributing to this growth. Windows Update uses applicability logic to minimize download sizes for users, but enterprises must download full packages, resulting in increased storage costs. The average yearly storage cost for enterprises rose from about 11 GB in 2024 to 52 GB by 2026. Users can check their actual download sizes through the Windows Update settings and Event Viewer logs.

Tech Optimizer

April 23, 2026

Take Control: Customer-Managed Keys for Lakebase Postgres

Encryption at rest is essential for cloud environments, especially in regulated sectors. Lakebase offers Customer Managed Keys (CMK), allowing organizations to control their encryption keys from preferred Key Management Services (KMS) like AWS KMS, Azure Key Vault, or Google Cloud KMS. Lakebase CMK manages both persistent storage and ephemeral compute, ensuring data security. Lakebase's architecture separates storage and compute layers, enabling elastic scaling and serverless operations. The storage layer maintains persistent data, while the compute layer consists of dynamic Postgres instances. This separation poses encryption challenges, addressed by Lakebase CMK through a hierarchical Envelope Encryption model. The key hierarchy includes: 1. Customer Managed Key (CMK): The Root of Trust in the cloud KMS, never accessed in plaintext by Databricks. 2. Key Encryption Key (KEK): A transient key for wrapping data keys. 3. Data Encryption Keys (DEKs): Unique keys for each data segment, stored in an encrypted state. When data access is needed, Lakebase retrieves DEKs by unwrapping keys from the KMS. If a key is revoked, access to the data is denied, and ephemeral compute instances are terminated. In practice, CMK applies to: 1. Persistence Layer (Storage): All data segments are encrypted with keys controlled by the CMK. 2. Ephemeral Layer (Compute): Each compute instance generates a unique ephemeral key, and upon revocation, the instance is terminated, destroying in-memory keys. CMK implementation follows a delegation model, allowing Security Admins to manage keys without accessing data. The process includes key configuration, workspace binding, and lifecycle management. Key rotation is seamless, requiring no data re-encryption. All cryptographic operations involving the CMK are logged by the cloud provider's audit service. Lakebase CMK is available for Enterprise tier customers, allowing organizations to manage their encryption keys effectively.

Winsage

April 4, 2026

Run Windows on your Mac or revive an old PC for $13

A sluggish computer often does not require a complete overhaul; upgrading the operating system can enhance speed, security, and functionality. Windows 11 Pro offers a modern interface, multitasking tools, and security features like biometric login and advanced antivirus protection, which can extend the lifespan of older devices. Mac users can run Windows 11 Pro using Boot Camp or virtual machine software, allowing access to Windows-exclusive applications and games. Windows 11 Pro also enhances gaming through DirectX 12 Ultimate. The operating system is available for .97 (MSRP 9) until April 4th at 11:59 PM PST. Prices are subject to change.

Winsage

April 3, 2026

Man admits to locking thousands of Windows devices in extortion plot

A former core infrastructure engineer, Daniel Rhyne, admitted to locking Windows administrators out of 254 servers during an extortion attempt against his employer in Somerset County, New Jersey. Rhyne accessed the company's network without authorization from November 9 to November 25, deleting network admin accounts and altering passwords for 13 domain admin accounts and 301 domain user accounts to "TheFr0zenCrew!". He also scheduled tasks to modify passwords for two local admin accounts affecting 3,284 workstations and planned to shut down random servers and workstations in December 2023. On November 25, he sent a ransom email demanding 20 bitcoin, claiming IT administrators were locked out and server backups erased. Forensic investigators found he used a concealed virtual machine to plan his actions. Rhyne was arrested on August 27 and faces charges related to hacking and extortion, with a potential maximum sentence of 15 years in prison.

Winsage

March 24, 2026

Microsoft Announces WSL Upgrades for Windows 11

Microsoft has announced enhancements for the Windows Subsystem for Linux (WSL) to improve the experience for developers using Linux tools on Windows. Key areas of focus include: - Faster file performance between Linux and Windows - Improved network compatibility and throughput - A more streamlined first-time setup and onboarding experience - Enhanced enterprise management with stronger policy control, security, and governance Networking improvements are particularly significant, addressing past issues with mirrored networking that caused “No route to host” errors. Additionally, a new dxgkrnl driver patch has been submitted to improve GPU support for WSL2, introducing compute-only GPU capabilities and support for multiple virtual GPUs. Pavan Davuluri, Microsoft VP for Windows and Devices, emphasized ongoing quality improvements for Windows 11, including reducing Copilot integration in built-in applications, enhancing Bluetooth and USB reliability, and improving search functionality and responsiveness. Despite these commitments, concerns remain, such as the mandatory Microsoft Account sign-in requirement.

Winsage

March 11, 2026

How to disable Hyper-V for Windows 11

Microsoft's Hyper-V is a hardware virtualization platform integrated into Windows 11 Professional, Enterprise, and Education editions, allowing users to host multiple virtual machines (VMs) on a single computer. It operates using a type 1 hypervisor directly on hardware, enabling VMs to share resources like CPU, memory, and storage. Hyper-V includes features such as dynamic memory allocation, software-defined networking, and saved checkpoints. IT administrators may need to disable Hyper-V due to compatibility issues with third-party virtualization software, high-precision applications, or driver conflicts. Disabling Hyper-V can also affect security features reliant on it, such as virtualization-based security (VBS) and Device Guard. Methods to disable Hyper-V include: 1. Using the Windows Features dialog. 2. Executing a PowerShell command: Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-All, HypervisorPlatform, VirtualMachinePlatform. 3. Running a DISM command:

dism /Online /Disable-Feature /FeatureName:Microsoft-Hyper-V-All /FeatureName:HypervisorPlatform /FeatureName:VirtualMachinePlatform

. 4. Using the bcdedit command: bcdedit /set hypervisorlaunchtype off. 5. Modifying Group Policy to disable VBS. 6. Editing the Windows Registry to disable VBS or Credential Guard. For multiple managed computers, administrators can create and execute a PowerShell script or use Group Policy Objects to streamline the process. Testing in a controlled environment is recommended to ensure desired outcomes without compromising security or functionality.

Winsage

March 11, 2026

Windows 11 Pro Features Every Modern Worker Should Enable in 2026

Windows 11 Pro includes features such as BitLocker, Smart App Control, Dynamic Lock, Controlled Folder Access, Windows Sandbox, Hyper-V, Group Policy, Assigned Access, and Remote Desktop, which enhance security and management for users, especially in hybrid work environments. - BitLocker encrypts drives to protect files if a device is lost or storage is removed. - Smart App Control blocks untrusted or unsigned applications before they run. - Dynamic Lock automatically locks the device when a paired phone moves out of range. - Controlled Folder Access protects files in designated folders from unauthorized modifications. - Windows Sandbox provides a temporary, isolated environment for testing software without affecting the main system. - Hyper-V allows users to run virtual machines and test different operating systems. - Group Policy Editor offers advanced settings for managing updates and security protocols. - Assigned Access restricts a device to a single application for shared-use scenarios. - Remote Desktop enables users to access their main PC remotely from other devices. Recommended features to enable for enhanced security and workflow include BitLocker, Controlled Folder Access, Dynamic Lock, and Remote Desktop. Windows Sandbox is suggested for users dealing with unknown files, while Hyper-V is for advanced users. Group Policy and Assigned Access are beneficial for specific management needs.

AppWizard

March 11, 2026

How Advanced Browsing Protection Works in Messenger

Advanced Browsing Protection (ABP) in Messenger enhances user privacy by warning users about potentially harmful links shared in end-to-end encrypted communications. It analyzes links using on-device models and a dynamic watchlist of millions of potentially malicious sites, utilizing cryptographic techniques to maintain user privacy. ABP is based on a cryptographic primitive called private information retrieval (PIR), which minimizes the information a server learns from client queries. The system also employs oblivious pseudorandom functions (OPRFs) and manages URL queries through a privacy-preserving URL-matching scheme. The server groups links by domain, allowing clients to request a single bucket for domain-specific path components, and generates a ruleset to balance bucket sizes. To safeguard client queries, AMD's SEV-SNP technology creates a confidential virtual machine (CVM) that processes hash prefixes securely, generating attestation reports for integrity verification. The use of Oblivious RAM and Oblivious HTTP (OHTTP) enhances privacy by preventing exposure of memory access patterns and stripping identifying information from client requests. The lifecycle of an ABP request includes pre-processing phases where the server updates the URL database and computes rulesets, followed by client requests that involve calculating bucket identifiers, sending encrypted requests through a proxy, and checking for unsafe URLs based on server responses.