Windows hosts

Tech Optimizer
January 29, 2026
Recent reports indicate that the antivirus program eScan experienced a security breach, leading MicroWorld Technologies to conduct an internal investigation. A threat actor exploited compromised update servers to distribute malware to users who downloaded updates during a two-hour window on January 20, 2026. The exact number of affected users is unknown, but the company has isolated the compromised infrastructure and refreshed credentials while assisting impacted users. The eScan product itself was not altered, and the victims were limited to a specific regional cluster. The malware, identified as CONSCTLX, operates as a backdoor and downloader, allowing attackers to maintain access and execute commands on infected devices. The identity of the attackers is unknown, but North Korean cybercriminals previously exploited eScan's update mechanism in 2024. MicroWorld Technologies has provided support to millions of customers but has not disclosed the total number of eScan users.
Winsage
November 4, 2025
The Russian-aligned APT group Curly COMrades has been using hidden Alpine Linux virtual machines (VMs) on compromised Windows hosts via Microsoft Hyper-V to evade detection and maintain covert access. This technique was uncovered in mid-2025 through an investigation by Bitdefender and the Georgian CERT, which traced suspicious activities to a compromised Georgian website. The attackers activated Hyper-V on the infected machines, downloaded a disguised VM image, and named it “WSL.” The VM, operating on Alpine Linux, had a small disk footprint and low RAM usage, minimizing alerts from security systems. Within this environment, they deployed two malware implants: CurlyShell, a reverse shell for command execution, and CurlCat, a reverse proxy tool for SSH traffic. Both implants were designed to maintain a low forensic footprint. The attackers also used a PowerShell script to inject encrypted Kerberos tickets into LSASS for lateral movement and employed various tunneling tools for communication. Artifacts from their operations were stored in directories that blended with legitimate Windows files. Security teams are advised to audit Hyper-V usage, monitor for hidden VMs, and enable host-based network inspection.
Winsage
September 29, 2024
Oracle has released VirtualBox version 7.1.2, a maintenance update focusing on user experience improvements and technical fixes. Key enhancements include a multi-window layout, resolution of virtual machine management issues, customizable remote display security, and a more stable macOS/Arm UI. Technical fixes address NAT performance on Windows hosts, DHCP issues for certain guest configurations, enablement of 3D acceleration for ARM-based VMs, improvements in state management, UEFI Secure Boot querying, and SDK enhancements. VirtualBox 7.1.2 is available for free download and supports multiple platforms, including Windows, macOS, Linux, and Solaris.
Winsage
September 3, 2024
VMware Workstation Pro has transitioned to a free model for personal use with the release of version 17.6. This update introduces a new command-line tool, vmcli, which allows users to perform operations such as creating virtual machines and modifying VM settings via Command Prompt or Terminal. The update expands support for guest and host operating systems, including Windows Server 2025, Windows 11 Version 23H2, Ubuntu 24.04, and Fedora 40. It addresses critical issues such as VMware KVM crashes, slow virtual machine performance on non-admin Windows accounts, and installation failures on Linux hosts with kernel version 6.8. Notable changes include the removal of legacy VMTools ISOs, end-of-life support for Bluetooth hub passthrough, discontinuation of physical host parallel port support for Windows, and the removal of Unity mode and of the Enhanced Keyboard driver. VMware Workstation Pro can be downloaded for free for personal use, but a free account is required, and commercial use still requires a license.
Winsage
July 27, 2024
The faulty update provided by CrowdStrike for Windows led to massive system failures, affecting major airlines, healthcare providers, and retail operations. The issue was not a result of a cyberattack but a critical flaw in the update's coding. CrowdStrike's CEO, George Kurtz, had previously been involved in a similar tech failure at McAfee in 2010, raising questions about the company's internal processes and safeguards.
Winsage
July 19, 2024
A global IT outage has caused Windows workstations and terminals to show 'DRIVER_OVERRAN_STACK_BUFFER' Blue Screen of Death errors, leading to disruptions in airlines, stores, TV stations, and internet services worldwide. Airlines like Delta, United, and American Airlines have grounded planes due to communication issues, while stores and online services have also been impacted. CrowdStrike has released a fix for the issue, but major financial institutions like banks and credit card companies are still experiencing outage reports. Mac and Linux systems were not affected by the outage, highlighting the world's dependence on the Windows operating system. Healthcare services have also been impacted, with hospitals around the world facing disruptions in patient care.
Winsage
July 19, 2024
A bug in CrowdStrike security software has caused global system outages, affecting industries such as airlines, train companies, and emergency services. Microsoft has acknowledged the issue, stating that virtual machines running Windows with the CrowdStrike Falcon agent may encounter the blue screen of death (BSOD) and get stuck in a restarting loop. CrowdStrike has identified and deployed a fix for the issue, but major organizations like Sky News and KLM have experienced outages, with some still working to restore services. CrowdStrike assures that this is not a security incident or cyberattack, but rather a technical fault with a content update for Windows hosts.
Winsage
July 19, 2024
The Centre issued an advisory regarding the outage of Microsoft Windows caused by the CrowdStrike agent 'Falcon Sensor' update. Windows hosts using the Falcon Sensor were experiencing crashes and outages due to a recent update, resulting in the "Blue Screen of Death (BSOD)". CrowdStrike has since reverted the update.
Tech Optimizer
July 19, 2024
A global IT outage affecting healthcare services was caused by antivirus firm CrowdStrike, impacting Windows virtual machines. CrowdStrike clarified that it was not a security incident or cyberattack, but a defect in a single content update for Windows hosts. NHS England confirmed the outage affected EMIS, used by GP practices and pharmacies, with measures in place to manage the disruption. GP practices and healthcare centers in the UK informed patients about the disruption on social media platforms.