Windows system

Winsage
June 18, 2025
A cyber espionage campaign attributed to the XDSpy threat actor has been discovered exploiting a zero-day vulnerability in Windows shortcut (LNK) files tracked as “ZDI-CAN-25373.” The flaw lets attackers conceal the command a shortcut actually executes from a user who inspects it. XDSpy has primarily targeted government entities in Eastern Europe and Russia since its activities became known in 2020. Researchers from HarfangLab found malicious LNK files exploiting this vulnerability in mid-March, revealing a weakness in how Windows presents the contents of LNK files to the user. The infection begins with a ZIP archive containing a malicious LNK file, which runs a lengthy Windows shell command that launches the malicious components while displaying a decoy document. The command extracts and executes a first-stage downloader called “ETDownloader,” which establishes persistence and retrieves a second-stage payload known as “XDigo.” The XDigo implant, written in Go, collects sensitive information and encrypts the data it exfiltrates. The campaign marks an evolution in XDSpy's tactics, combining zero-day exploitation with a multi-stage payload.
Winsage
June 18, 2025
The XDSpy threat actor is exploiting a Windows LNK zero-day vulnerability (ZDI-CAN-25373) to target governmental entities in Eastern Europe and Russia since March 2025. This campaign involves a multi-stage infection chain deploying the XDigo implant, developed in Go. Attackers use spearphishing emails with ZIP archives containing crafted LNK files that exploit the vulnerability. Upon execution, these files sideload a malicious C# .NET DLL named ETDownloader, which establishes persistence and retrieves the XDigo payload from specific domains. XDigo is a data collection implant capable of file scanning, clipboard capture, and screenshot acquisition, communicating with command-and-control servers. The campaign targets Belarusian governmental entities and employs advanced tactics, including anti-analysis checks and encryption for data exfiltration. Indicators of compromise include specific SHA-256 hashes for ZIP archives, LNK files, the ETDownloader, and XDigo malware, along with associated distribution and command-and-control domains.
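Both entries above describe LNK files that hide their real command from the user. The example below is added here and is not HarfangLab's or Microsoft's code: it is a minimal parser for the public MS-SHLLINK layout (fixed 76-byte header, optional LinkTargetIDList and LinkInfo, then the StringData blocks in their fixed order) that extracts COMMAND_LINE_ARGUMENTS and flags the ZDI-CAN-25373 pattern, a long run of whitespace padding in front of the real command. The padding threshold, the code page used for non-Unicode strings, the `build_lnk` helper and the sample command line are my assumptions for a self-contained run; the constructed shortcuts omit an IDList, which the specification permits when a relative path is present.

```python
import struct

# ShellLinkHeader constants from MS-SHLLINK (Microsoft's public LNK specification)
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
# StringData blocks appear in this fixed order, each only if its flag is set
STRING_DATA = [("NAME_STRING", HAS_NAME), ("RELATIVE_PATH", HAS_RELATIVE_PATH),
               ("WORKING_DIR", HAS_WORKING_DIR), ("COMMAND_LINE_ARGUMENTS", HAS_ARGUMENTS),
               ("ICON_LOCATION", HAS_ICON_LOCATION)]
PAD_CHARS = " \t\r\n\x0b\x0c"   # whitespace the shortcut Properties dialog renders as nothing
PAD_THRESHOLD = 32              # assumption: no benign shortcut leads with this much padding


def parse_lnk_strings(data: bytes) -> dict:
    """Walk the fixed header, skip LinkTargetIDList and LinkInfo, return the StringData."""
    (header_size,) = struct.unpack_from("<I", data, 0)
    if header_size != 0x4C or data[4:20] != LINK_CLSID:
        raise ValueError("not a Shell Link file")
    (flags,) = struct.unpack_from("<I", data, 20)
    off = header_size
    if flags & HAS_LINK_TARGET_ID_LIST:          # IDListSize (2 bytes) + IDList
        (idlist_size,) = struct.unpack_from("<H", data, off)
        off += 2 + idlist_size
    if flags & HAS_LINK_INFO:                    # LinkInfoSize counts itself
        (link_info_size,) = struct.unpack_from("<I", data, off)
        off += link_info_size
    unicode = bool(flags & IS_UNICODE)
    strings = {}
    for name, bit in STRING_DATA:
        if not flags & bit:
            continue
        (count,) = struct.unpack_from("<H", data, off)   # CountCharacters, no terminator
        off += 2
        nbytes = count * 2 if unicode else count
        raw = data[off:off + nbytes]
        if len(raw) != nbytes:
            raise ValueError(f"truncated {name}")
        off += nbytes
        # assumption: cp1252 stands in for the "system default code page" of non-Unicode links
        strings[name] = raw.decode("utf-16-le") if unicode else raw.decode("cp1252")
    return strings


def analyse_arguments(data: bytes) -> dict:
    """Flag the ZDI-CAN-25373 pattern: the executed command hidden behind leading whitespace."""
    args = parse_lnk_strings(data).get("COMMAND_LINE_ARGUMENTS", "")
    leading = len(args) - len(args.lstrip(PAD_CHARS))
    return {
        "leading_padding": leading,
        "total_padding": sum(args.count(c) for c in PAD_CHARS),
        "hidden_command": args.strip(PAD_CHARS),
        "suspicious": leading >= PAD_THRESHOLD,
    }


def build_lnk(relative_path: str, arguments: str,
              working_dir: str = "C:\\Windows\\System32") -> bytes:
    """Constructed sample: a minimal Unicode .lnk with RELATIVE_PATH, WORKING_DIR and arguments."""
    flags = HAS_RELATIVE_PATH | HAS_WORKING_DIR | HAS_ARGUMENTS | IS_UNICODE
    # HeaderSize, LinkCLSID, LinkFlags, FileAttributes, three FILETIMEs, FileSize,
    # IconIndex, ShowCommand (SW_SHOWNORMAL), HotKey, Reserved1..3
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LINK_CLSID, flags, 0x80,
                         0, 0, 0, 0, 0, 1, 0, 0, 0, 0)

    def string_data(s: str) -> bytes:
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")

    return header + string_data(relative_path) + string_data(working_dir) + string_data(arguments)


if __name__ == "__main__":
    benign = build_lnk(".\\cmd.exe", "/k echo hello")
    # constructed stand-in for a padded command line, not the campaign's real one
    padded = build_lnk(".\\cmd.exe", " " * 900 + "/c start decoy.pdf && stage1.bat")
    for label, lnk in (("benign", benign), ("padded", padded)):
        print(label, analyse_arguments(lnk))
```

Run over a directory of extracted shortcuts, the `leading_padding` value separates ordinary links (zero) from the padded ones; the `hidden_command` field is what the shortcut will actually run, regardless of what the Properties dialog shows.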
Winsage
June 16, 2025
CVE-2025-33073 is a Windows SMB client elevation-of-privilege vulnerability exploitable through an authentication relay (reflection) attack, rated CVSS 8.8 (high). It allows attackers to gain SYSTEM privileges on affected systems. There is currently no evidence of active exploitation, but the public disclosure raises concerns. Exploitation involves executing a malicious script that coerces the victim's machine into connecting to the attacker's system over SMB. Security researchers have described it as an authenticated remote command execution against machines that do not enforce SMB signing; requiring SMB signing therefore mitigates the attack alongside the patch. Microsoft released a fix in the June Patch Tuesday security updates.
Winsage
June 6, 2025
Microsoft has made significant updates for users in the European Union and European Economic Area, including the ability to uninstall the Microsoft Store while still receiving app updates, a reduction in notifications related to Edge, and increased control over web searches in Windows. This week features discounts on various applications, with some offers extending beyond a single week. Notable new or improved Windows apps include:
- Fences 6.0: An updated desktop management tool that allows users to organize programs and links into customizable groups with new tab support.
- Start Everywhere: An application launcher that complements the Windows Start Menu, enabling users to launch applications from any screen corner using mouse clicks, hotkeys, or active corners.
- VeraCrypt 1.26: An open-source encryption software that allows users to encrypt their entire system, individual hard drives, or specific partitions, with new protective measures against screen recordings and captures.
Winsage
May 31, 2025
A new strain of malware has been operating undetected on Windows systems for several weeks, utilizing advanced evasion techniques that corrupt its Portable Executable (PE) headers to avoid detection. Security researchers discovered this malware embedded in the memory of a compromised system during an investigation, using a 33GB memory dump that revealed its presence in a dllhost.exe process with process ID 8200. The malware, classified as a Remote Access Trojan (RAT) by Fortinet, employs batch scripts and PowerShell commands for its attack and has capabilities for screenshot capture, remote server functionality, and system service manipulation. Its command and control infrastructure uses encrypted communications, complicating detection efforts. The malware's distinctive feature is the deliberate corruption of DOS and PE headers, which hinders reverse engineering and complicates the reconstruction of the executable from memory dumps. Researchers had to manually locate the malware’s entry point and resolve complex import tables for it to function in a controlled environment.
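The entry above describes an in-memory image whose DOS and PE headers were deliberately corrupted. The example below is added here and is not Fortinet's tooling: it triages a memory region by first checking the normal `MZ` / `PE\0\0` signatures and, when those are gone, scanning the first page for a run of plausible IMAGE_SECTION_HEADER entries (known section names, page-aligned virtual addresses, non-zero characteristics), which usually survive header stomping and give the offsets of `.text` and the other sections that a reconstruction has to start from. The `build_sample_pe` and `stomp_headers` helpers construct the sample input; the section-name list, the page-size scan limit and the "at least two headers" rule are my assumptions.

```python
import struct

# IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics (40 bytes)
SECTION_HDR = "<8sIIIIIIHHI"
SECTION_HDR_LEN = struct.calcsize(SECTION_HDR)
# assumption: section names common enough to anchor a scan on
KNOWN_SECTIONS = {b".text", b".rdata", b".data", b".idata", b".edata",
                  b".rsrc", b".reloc", b".pdata", b".bss", b".tls"}


def _plausible_section(buf: bytes, off: int):
    """Decode one section header at `off`, or None if it does not look like one."""
    if off + SECTION_HDR_LEN > len(buf):
        return None
    name, vsize, va, _, _, _, _, _, _, chars = struct.unpack_from(SECTION_HDR, buf, off)
    name = name.rstrip(b"\0")
    if name not in KNOWN_SECTIONS or va == 0 or va % 0x1000 or chars == 0:
        return None
    return (name.decode(), va, vsize, chars)


def find_section_table(buf: bytes, limit: int = 0x1000):
    """Return the longest run of consecutive plausible section headers found in the
    first `limit` bytes (the table normally sits inside the first page of the image)."""
    best = []
    for off in range(0, min(len(buf), limit) - SECTION_HDR_LEN + 1):
        run, cur = [], off
        while (sec := _plausible_section(buf, cur)) is not None:
            run.append(sec)
            cur += SECTION_HDR_LEN
        if len(run) > len(best):
            best = run
    return best


def classify_region(buf: bytes) -> str:
    """Triage one memory region: intact PE, PE with a broken signature,
    header-stomped PE (no MZ/PE but a section table survives), or not a PE."""
    if len(buf) >= 0x40 and buf[:2] == b"MZ":
        (e_lfanew,) = struct.unpack_from("<I", buf, 0x3C)
        if e_lfanew + 4 <= len(buf) and buf[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            return "valid-pe"
        return "corrupt-pe-signature"
    if len(find_section_table(buf)) >= 2:
        return "header-stomped-pe"
    return "not-pe"


def build_sample_pe(section_names=(".text", ".rdata", ".data")) -> bytes:
    """Constructed sample: a 32-bit PE image header (DOS header, PE signature,
    file header, optional header, section table) with no code behind it."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # Machine (i386), NumberOfSections, timestamp, symbol ptr/count, SizeOfOptionalHeader, flags
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)       # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)     # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)   # ImageBase
    table = b""
    for i, name in enumerate(section_names):
        table += struct.pack(SECTION_HDR, name.encode().ljust(8, b"\0"),
                             0x1000, 0x1000 * (i + 1), 0x200, 0x400 + 0x200 * i,
                             0, 0, 0, 0, 0x60000020)
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + table


def stomp_headers(image: bytes) -> bytes:
    """Simulate what the entry describes: zero the DOS and NT headers but leave
    the section table (and everything after it) in place."""
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    (opt_size,) = struct.unpack_from("<H", image, e_lfanew + 4 + 16)
    table_off = e_lfanew + 4 + 20 + opt_size
    return bytes(table_off) + image[table_off:]


if __name__ == "__main__":
    image = build_sample_pe()
    for label, region in (("intact", image), ("stomped", stomp_headers(image))):
        print(label, classify_region(region), find_section_table(region))
```

Against a real dump you would feed each committed region of the suspect process (here the page's dllhost.exe) through `classify_region`; a `header-stomped-pe` hit plus the recovered `.text` virtual address tells you where to start disassembling for the entry point, which is the manual step the entry describes.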
Winsage
May 31, 2025
Microsoft is addressing issues with the May 13, 2025 Windows security update (KB5058405) that is failing to install on some Windows 11, version 22H2 and 23H2 devices. An out-of-band update is planned to be released shortly. A recovery error message indicating that “your PC/Device needs to be repaired” may appear, with the root cause identified as an ACPI.sys driver problem, potentially showing the error code: 0xc0000098. Most reports of this update failure have come from virtual environments, affecting enterprise users more than home users. Earlier in May, a similar emergency update was issued for Windows 10 users experiencing a BitLocker Recovery screen during the installation of a security update.
Winsage
May 30, 2025
Microsoft rolled out update KB5058405 for Windows 11 23H2 to address critical security vulnerabilities, but users are reporting significant issues, including boot failures with error code 0xc0000098. This problem affects both Windows 11 23H2 and 22H2, primarily in virtual environments like Azure Virtual Machines and on-premises virtual machines hosted on Citrix or Hyper-V. Home users with Windows Home or Pro editions are less likely to experience this issue. The error indicates a missing or corrupted ACPI.sys file, which is essential for managing hardware resources and power states. Microsoft is currently investigating the issue and has not yet provided a resolution.
Winsage
May 27, 2025
Windows 10 support will cease for most users on October 14, 2025. Windows 10 version 22H2 will also reach its end-of-life on this date. Windows 10 version 21H2 already reached its end-of-life on June 11, 2024. Microsoft offers Extended Security Updates (ESU) for organizations transitioning to Windows 11, with individual consumers able to secure up to one additional year of support and organizations up to three years at increasing costs. Pricing under the Microsoft Volume Licensing Program is per device and rises each year of the program. Windows 10 IoT Enterprise LTSC 2021 will remain supported until January 13, 2032. Windows 11 22H2 is supported until October 8, 2024, Windows 11 23H2 until November 11, 2025, and Windows 11 24H2 until October 13, 2026. Extended Security Updates for Windows 11 could extend support until 2029. Windows 11 24H2 Enterprise is supported until October 12, 2027, while IoT Enterprise LTSC 2024 receives updates until October 10, 2034. These support timelines indicate a need for quicker transitions to newer Windows releases.
Winsage
May 14, 2025
Microsoft is rolling out an update for the Copilot app through the Microsoft Store, introducing several enhancements. A key feature is the "Hey, Copilot" wake word, allowing users to activate Copilot Voice hands-free. Users must enable this feature in the app's settings. Once activated, users can say "Hey, Copilot" followed by their query, and the Copilot interface will appear on the screen. Conversations can be ended by tapping the ‘X’ or automatically after a few moments of silence. The feature requires manual activation and will show that the microphone is in use when enabled. The wake word detection occurs locally, and no recordings are sent to the cloud until the wake word is recognized. The feature is available only in English and requires the PC to be powered on and unlocked. The update version 1.25051.10.0 and higher is being rolled out gradually to Insiders with English display language settings. Users can provide feedback through the app.
Winsage
May 9, 2025
On October 14, 2025, Microsoft will stop providing security updates for Windows 10 unless users enroll in the Extended Security Updates program. Upgrading to Windows 11 may be difficult for PCs older than five or six years due to strict compatibility requirements, including a CPU on the approved list and a Trusted Platform Module (TPM) version 2.0. Users may encounter error messages if their hardware does not meet these criteria. There are workarounds for some users, particularly those with PCs designed for Windows 10, but older devices, especially with AMD processors, may face significant challenges. To upgrade, users must ensure their PC is configured to start with UEFI, supports Secure Boot, and has an enabled TPM. A registry edit can allow bypassing CPU checks and accepting older TPM versions. Alternatively, a clean installation of Windows 11 can be performed using installation media, which bypasses CPU compatibility checks but still requires TPM and Secure Boot support. Microsoft has introduced new restrictions with the Windows 11 version 24H2 update, requiring CPUs to support specific instructions (SSE4.2 and PopCnt). For those opting to use the Rufus utility to create installation media, it is essential to use version 4.6 or later to bypass compatibility checks. Users must download the Windows 11 ISO, prepare a USB drive, and follow specific steps to initiate the upgrade process.