warnings Archives

Tech Optimizer

February 11, 2026

Hackers Used Hugging Face to Distribute Android Banking Trojans

Cybersecurity researchers have identified a malware campaign that exploited Hugging Face's AI infrastructure to distribute Android banking trojans. The attackers used a deceptive app called TrustBastion, which tricked users into installing what appeared to be legitimate security software. Upon installation, the app redirected users to an encrypted endpoint that linked to Hugging Face repositories, allowing the malware to evade traditional security measures. The campaign generated new malware variants every 15 minutes, resulting in over 6,000 commits in about 29 days. It infected thousands of victims globally, particularly in regions with high smartphone banking usage but lower mobile security awareness. The operation is believed to be linked to an established cybercriminal group. Security experts warn that this incident highlights vulnerabilities in trusted platforms and calls for improved security measures, including behavioral analysis systems and verification of application authenticity. The incident has also sparked discussions about the need for enhanced security protocols for AI platforms.

Winsage

February 11, 2026

Microsoft fixes six actively exploited flaws in latest Windows 11 update

Microsoft's February 2026 Patch Tuesday addressed 59 vulnerabilities in Windows 11, with six confirmed as actively exploited. The most critical vulnerability is CVE-2026-21510, a Windows Shell security feature bypass with a CVSS rating of 8.8, allowing attackers to evade warnings by tricking users into opening malicious files. Another significant vulnerability, CVE-2026-21513, also rated at 8.8, affects MSHTML and allows remote attackers to bypass execution prompts through malicious code in HTML or shortcut files. CVE-2026-21514 impacts Microsoft Word and enables adversaries to disable OLE mitigations, posing risks through document-based attacks. Two local privilege escalation vulnerabilities are CVE-2026-21519 in Desktop Window Manager and CVE-2026-21533 in Windows Remote Desktop Services, with CVSS scores of 7.8. CVE-2026-21525 is a denial-of-service vulnerability in Remote Access Connection Manager. The update includes 53 additional vulnerabilities across various Microsoft products and services, with CVE-2026-21531 in Azure SDK rated at 9.8 and CVE-2026-20841 affecting Windows Notepad rated at 8.8. The cumulative update for Windows 11 (KB5077181) also includes enhancements and resolves WPA3 Wi-Fi connectivity issues. Microsoft reminded users of the June 2026 expiration of Secure Boot certificates, which requires timely updates to ensure secure booting. Users can install the updates via Windows Update.

Tech Optimizer

February 11, 2026

How to Disable Windows 11 Defender: Temporary and Permanent

Microsoft Defender Antivirus is the built-in security solution for Windows 11, protecting against viruses, malware, and ransomware. Users may need to disable it temporarily or permanently for various reasons, including software installation, penetration testing, performance issues, transitioning to third-party antivirus solutions, or troubleshooting conflicts. Temporary disabling can be done through the Windows Security app, which will automatically re-enable after a restart. Permanent disabling requires changes in Group Policy, applicable only to Windows 11 Pro, Enterprise, and Education editions, and necessitates disabling Tamper Protection first. Another method for permanent disabling is installing a third-party antivirus, which automatically deactivates Defender's real-time protection. Windows 11 Home users cannot use Group Policy for permanent disabling but can still temporarily disable Defender or install a third-party antivirus. Disabling Defender exposes the system to threats, and users should ensure they have alternative protection in place. Major Windows updates may reset Defender settings, and caution is advised when modifying system settings.

AppWizard

January 30, 2026

Addicted Gamer Sues Fortnite and Minecraft Over Video Game Addiction

A US gamer, Cayden Breeden, has filed a lawsuit against Epic Games, Microsoft Corporation, and Mojang Studios in New York, claiming that Fortnite and Minecraft are designed to exacerbate video game addiction. The lawsuit alleges that the companies failed to inform players about the dangers of excessive gaming and did not implement safeguards against compulsive gaming, which Breeden characterizes as negligent and fraudulent. He describes his gaming habits as compulsive, leading to withdrawal-like symptoms when not playing, and seeks compensation for pain, suffering, emotional distress, and related costs. The case argues that the design mechanics of both games promote extended play and addictive behaviors, despite lacking traditional gambling elements. This lawsuit is part of a growing trend of legal actions against gaming companies in the US. Community reactions on Reddit have varied, with some users expressing skepticism about the lawsuit's viability and others discussing the balance between personal responsibility and corporate accountability in game design. The outcome of the case could impact future game design and regulatory compliance in the industry. No formal statements have been made by the defendants regarding the lawsuit.

AppWizard

January 30, 2026

Google’s New Android Lockdown—Do Not Install These Apps

Google is tightening its policies on sideloading practices, allowing app installations only from verified developers to enhance user security and reduce risks associated with malicious software. The company has removed numerous harmful applications and accounts to combat the exploitation of its ecosystem. Cybercriminals are replicating popular applications like Google, YouTube, and WhatsApp to deceive users into downloading malicious software, which often masquerades as “mod” or “pro” versions. These counterfeit apps can install the Arsink Remote Access Trojan (RAT), which allows hackers to control devices, record audio, harvest personal information, and perform unauthorized actions. The Arsink operation has affected tens of thousands of victims across approximately 143 countries. Users are advised to avoid installing apps from messengers, online forums, or direct links and to use official app stores instead. Google confirms that the RAT is not infecting Play Store apps and encourages users to keep Play Protect enabled.

Winsage

January 29, 2026

Swarmer Tool Evading EDR With a Stealthy Modification on Windows Registry for Persistence

Praetorian Inc. has launched Swarmer, a tool that enables low-privilege attackers to maintain stealthy persistence in the Windows registry while avoiding detection by Endpoint Detection and Response (EDR) systems. Swarmer uses mandatory user profiles and the Offline Registry API to modify the NTUSER hive without triggering standard registry hooks. It operates by creating an NTUSER.MAN file that replaces the NTUSER.DAT hive upon user login, allowing low-privilege users to manipulate registry settings without alerting EDR tools. Swarmer employs functions from Microsoft’s Offline Registry Library, enabling it to perform operations without invoking Reg* API calls, thus evading detection mechanisms. Swarmer's workflow involves exporting the HKCU registry, modifying it, and executing the tool with specific commands to place the modified NTUSER.MAN file into the user profile. It can be used as an executable or a PowerShell module. While it presents a novel method for persistence, Swarmer has limitations, such as being unable to update without admin access and requiring user login to activate. Detection strategies include monitoring for NTUSER.MAN file creation and Offreg.dll usage in non-standard processes.

AppWizard

January 28, 2026

Man sues Minecraft and Fortnite saying they fueled his video game addiction

A video game player, Cayden Breeden, has filed a lawsuit against the creators of Fortnite and Minecraft, as well as Microsoft, in the New York Southern District Court, claiming he developed an addiction to these games. The 56-page complaint alleges that the companies failed to implement necessary safeguards against gaming addiction, which Breeden argues poses significant risks to players. He accuses the companies of negligence and fraud, stating that their business practices are deceptive and exacerbate gaming addiction for profit. Breeden describes his gaming habits as compulsive and disordered, leading to withdrawal-like symptoms such as anger and antisocial behavior. He is seeking compensation for pain and suffering, emotional distress, medical expenses, and attorney's fees. This lawsuit reflects a growing trend of legal actions against game developers for practices that encourage addictive behaviors, with similar cases being filed in recent years.

Winsage

January 27, 2026

Microsoft warns Teams users about scammers posing as trusted brands

Microsoft has introduced a Brand Impersonation Protection feature for Teams that scrutinizes incoming VoIP calls from unfamiliar external contacts to identify potential brand impersonation. This feature alerts users to high-risk and suspicious calls, aiming to enhance security in digital communications. Additionally, Microsoft has postponed the rollout of its Wi-Fi location tracking feature to mid-March, which monitors users' live locations when connected to office Wi-Fi, raising concerns about corporate surveillance.

Tech Optimizer

January 27, 2026

Not a virus: What it means and why antivirus flags it

The term “not a virus” is used by antivirus software to indicate that a file does not match known malware signatures but still triggers a detection. This means the file is not automatically blocked or confirmed as a threat; the alert highlights something unusual, leaving the decision to the user. Alerts typically arise when software exhibits behavior associated with increased risk, despite lacking clear evidence of malicious intent. Malware is specifically designed to inflict harm, while files labeled “not a virus” may perform actions that raise security concerns but are not classified as harmful. Antivirus programs identify threats through signature detection and heuristic behavior-based detection. Legitimate programs, such as system utilities, download managers, and game cheats, can inadvertently trigger “not a virus” alerts. Common types of detections include adware, riskware, and potentially unwanted applications (PUA). The primary security risk of “not a virus” files is exposure rather than direct attacks, and privacy concerns often arise from data collection by these programs. If an antivirus detects “not a virus,” users should identify the file, review recent changes, compare detections, and decide whether to keep or remove it. To reduce unwanted alerts, users should download from official sources, use custom installation options, and remove unused software.

AppWizard

January 20, 2026

Google Plans Extra Safety Checks for Android App Sideloading

Google is introducing an online developer verification system to enhance the safety of sideloaded Android applications. This feature will verify the authenticity of app developers when users sideload applications, requiring an active internet connection for verification. If a device is offline, users will receive a warning message indicating that the app developer cannot be verified. The verification system aims to provide transparency and empower users to make informed choices without restricting sideloading. Google has historically allowed sideloading but is increasingly aware of the associated security vulnerabilities. The company promotes Play Protect and has introduced warnings and safety checks to encourage cautious user behavior. Google acknowledges that many users rely on sideloaded apps for valid reasons and aims to ensure they are aware of the risks and can verify the trustworthiness of developers.