web browser

Winsage
March 1, 2026
Cybercriminals are exploiting a legacy feature in Windows File Explorer, specifically the WebDAV protocol, to distribute malware and bypass traditional security measures. Despite Microsoft deprecating native WebDAV support in November 2023, it remains active on many systems. Attackers use WebDAV to deceive victims into executing malicious payloads by sending links that connect File Explorer directly to remote servers, avoiding web browsers and their security warnings. They employ methods such as direct linking, URL shortcut files, and LNK shortcut files to deliver exploits. The primary objective of these campaigns, which surged in late 2024, is to deploy Remote Access Trojans (RATs), with 87% of Active Threat Reports involving multiple RATs like XWorm RAT, Async RAT, and DcRAT. These campaigns predominantly target corporate networks in Europe, with many phishing emails written in German and English. Attackers use short-lived WebDAV servers hosted on Cloudflare Tunnel demo accounts to obscure their infrastructure. Security analysts are advised to monitor unusual network activity from Windows Explorer and educate users to verify addresses in File Explorer.
Winsage
February 22, 2026
Windows 11 operates on nearly 70% of the world's desktops. It features native extraction for compressed files, allowing users to extract files directly from the context menu without third-party applications. The introduction of tabbed browsing in File Explorer helps manage files more effectively, reducing clutter. Snap assist offers layout options for window arrangement, facilitating multitasking. Users can create separate virtual desktops, each customizable with unique wallpapers, to organize different workspaces. Windows 11 includes native screen recording capabilities and an optical character recognition (OCR) feature for extracting text from images and screenshots.
AppWizard
February 17, 2026
A sophisticated Android malware named Keenadu has been discovered embedded in the firmware of various device brands, compromising all installed applications and granting unrestricted control over infected devices. It employs multiple distribution methods, including compromised firmware images delivered over-the-air, access via backdoors, embedding in system applications, modified applications from unofficial channels, and infiltration through apps on Google Play. As of February 2026, Keenadu has been confirmed on approximately 13,000 devices, primarily in Russia, Japan, Germany, Brazil, and the Netherlands. The firmware-integrated variant remains dormant if the device's language or timezone is associated with China and ceases to function without the Google Play Store and Play Services. While currently focused on ad fraud, Keenadu has extensive capabilities for data theft and risky actions on compromised devices. A variant embedded in system applications has limited functionality but elevated privileges to install apps without user notification. The malware has been detected in the firmware of Android tablets from various manufacturers, including the Alldocube iPlay 50 mini Pro. Kaspersky has detailed how Keenadu compromises the libandroid_runtime.so component, making it difficult to remove with standard Android OS tools. Users are advised to seek clean firmware versions or consider replacing compromised devices with products from trusted vendors.
AppWizard
February 15, 2026
In a recent poll, 20% of respondents favored mainstream applications, while 80% preferred underdog alternatives. Vivaldi is a web browser that prioritizes user privacy and offers extensive customization options, built on a Chromium foundation for compatibility with Chrome extensions. Anytype is an offline-first application that combines features of Notion and Obsidian, focusing on privacy and security. Deezer is highlighted as a superior music streaming service compared to Spotify, with an extensive library and a user-friendly interface that includes a personalized music recommendation feature called Flow. Perplexity is an AI platform that provides verified sources and a user-friendly interface, offering access to multiple AI models through a single subscription. Superlist is a to-do list application developed by the creators of Wunderlist, featuring natural language input, AI-driven task organization, and a free version with a Pro subscription for expanded features.
AppWizard
February 12, 2026
Russia has announced steps to block WhatsApp, part of a broader initiative to control foreign technology while promoting its own messaging app, MAX. WhatsApp has about 100 million users in Russia and 3 billion globally, and has expressed commitment to keeping users connected amid these challenges. Russian regulators have also imposed restrictions on Meta's platforms, including Facebook and Instagram, as well as international media outlets. Kremlin spokesperson Dmitry Peskov noted that Meta could resume operations in Russia if it complies with local laws. Russian authorities have removed WhatsApp from an online directory managed by communications regulator Roskomnadzor. Additionally, users of Telegram in Russia reported slow traffic and potential restrictions, with the app's founder asserting a commitment to freedom and privacy despite government pressure.
Winsage
February 11, 2026
Microsoft has released updates addressing over 50 vulnerabilities in its Windows operating systems and applications, including six critical zero-day vulnerabilities:
1. CVE-2026-21510: A security feature bypass in Windows Shell that allows execution of malicious content via a single click on a link, affecting all supported Windows versions.
2. CVE-2026-21513: Targets MSHTML, the web browser engine in Windows.
3. CVE-2026-21514: A security feature bypass in Microsoft Word.
4. CVE-2026-21533: Allows local attackers to gain SYSTEM level access in Windows Remote Desktop Services.
5. CVE-2026-21519: An elevation of privilege flaw in the Desktop Window Manager (DWM).
6. CVE-2026-21525: A potential denial-of-service threat in the Windows Remote Access Connection Manager.
Additionally, the updates include fixes for remote code execution vulnerabilities affecting GitHub Copilot and various IDEs, specifically CVE-2026-21516, CVE-2026-21523, and CVE-2026-21256, which arise from a command injection flaw. Security experts emphasize the importance of safeguarding developers due to their access to sensitive data and recommend applying least-privilege principles.