Windows systems Archives

Winsage

June 24, 2026

Windows RAT Uses Encrypted HTTP C2 and Registry Persistence After npm Infection

A malware campaign targets Windows systems through a malicious npm package named postcss-minify-selector-parser, which mimics the legitimate postcss-selector-parser. This counterfeit package installs a Remote Access Trojan (RAT) on developer machines, beginning with a multi-stage attack triggered by the installation of the package. The RAT can steal credentials, execute shell commands, and communicate with a remote attacker. Security researchers at JFrog identified this threat and reported it on June 22, 2026, noting that two additional related packages, postcss-minify-selector and aes-decode-runner-pro, are linked to the same publisher and remain live on the npm registry. The RAT employs encrypted HTTP communication with a command-and-control (C2) server and ensures persistence by creating a registry key under the Windows Run key. It has capabilities for remote shell execution, file uploads and downloads, and can steal saved login data from Google Chrome using Windows decryption APIs. The malware is designed for organized batch exfiltration of stolen data. Indicators of compromise include specific IP addresses, domains, file paths, and SHA-256 hashes associated with the malware components. JFrog advises users to remove the malicious packages, inspect their dependency trees, and treat any stored credentials as compromised.

Winsage

June 19, 2026

Microsoft and Adobe team up and make Photoshop 20% faster on Windows

Microsoft is collaborating with Adobe to enhance the performance of Photoshop, a widely used image editing software. The partnership focuses on optimizing operations within Photoshop, which is primarily developed in C++ and compiled using Microsoft’s Visual C++ (MSVC) compiler. Microsoft aims to improve performance for CPU-intensive tasks, particularly those that are latency-sensitive, such as brush responsiveness and file-opening tasks. The engineering team activated MSVC’s "peak-performance" compilation mode and explored profile-guided optimization (PGO) to refine executables. However, due to the complexity PGO introduced, they shifted to Sample-based Profile Guided Optimizations (SPGO), which uses hardware performance samples from actual release binaries. This method allows for greater flexibility in data collection and typically yields performance improvements of 5% to 15%. By combining MSVC’s peak-performance mode with SPGO, the teams achieved a 20% performance boost on x64 Windows systems and a 13% enhancement on Arm architecture. These optimizations resulted in improved responsiveness for critical tasks in Photoshop, enhancing the user experience in professional creative workflows.

Winsage

June 18, 2026

Microsoft fixes Windows Server 2016 security update failures

Microsoft resolved an installation issue affecting the June 2026 security updates (KB5094122) on Windows Server 2016 systems that had not previously installed the KB5087537 update, which was a prerequisite. Users had encountered 0x80070002 or FILENOTFOUND errors. Microsoft acknowledged the problem and confirmed that affected devices should no longer experience installation failures for the June 2026 update. Additionally, Microsoft fixed a similar issue with the May 2026 Windows 11 security update (KB5089549) that resulted in 0x800f0922 errors due to insufficient space on the EFI System Partition. They also warned users about potential installation issues with error codes 0x80073712 or 0x800f0993 on devices upgraded to Windows 11 24H2 or 25H2. Furthermore, Microsoft addressed a boot issue for Windows Server 2025 devices after the April 2026 update and a bug affecting installation failures for updates since May 2025 using the Windows Update Standalone Installer (WUSA). Lastly, they are investigating a separate issue preventing third-party applications from launching essential Office programs after the June 2026 updates.

Winsage

June 17, 2026

Windows SprySOCKS Malware: Advanced Kernel-Level Rootkit Targets Government Organizations via Supply Chain Vulnerabilities

The Windows variant of SprySOCKS malware, developed by the Chinese threat group Earth Lusca, targets government entities globally and features advanced capabilities such as rootkit-level stealth and extensive command-and-control (C2) functionalities. It operates on Windows systems, utilizing two main variants: WINDRV, which includes kernel drivers for stealth operations, and WINPLUS, a streamlined backdoor. The malware can communicate over TCP, UDP, and WebSocket, offering over 30 C2 commands for various operations, including system information gathering and keystroke logging. WINDRV loads a driver named ‘RawWNPF’ into memory using another signed kernel driver, allowing it to conceal processes and achieve persistence. The malware's design incorporates open-source elements and exploits vulnerabilities in the software supply chain, notably using a leaked certificate for driver signing. To combat SprySOCKS, organizations are advised to implement advanced endpoint detection and response (EDR) solutions, maintain regular patching, and manage supply chain risks vigilantly. The malware's adaptability and reliance on legitimate certificates complicate detection efforts, necessitating continuous refinement of security practices.

Winsage

June 15, 2026

New Windows Zero‑Day Flaws Target Defender and BitLocker

A cybersecurity researcher known as “Nightmare Eclipse” has revealed two zero-day exploits threatening Windows systems: RoguePlanet and GreatXML. RoguePlanet targets Microsoft Defender, allowing attackers to execute privileged actions and gain SYSTEM-level access on Windows machines. It is a local privilege escalation vulnerability that remains effective on fully updated systems. GreatXML claims to bypass BitLocker disk encryption by manipulating the Windows Recovery Environment, potentially granting access to protected files. However, its effectiveness may be overstated, as it might require administrator-level access. Microsoft advises organizations to implement security updates, treat lost or accessible devices as high-risk, enforce stricter policies, and monitor threat intelligence to mitigate exposure to these vulnerabilities.

Tech Optimizer

June 14, 2026

Avast Free Antivirus: classic security staple for everyday PCs

Avast Free Antivirus is a free antivirus solution for Windows PCs developed by Avast (Gen Digital). It provides essential malware protection, real-time scanning, and web safety features without requiring a paid subscription. Users in the U.S. can download it from the official Avast website and install it on compatible Windows systems. The software identifies and blocks viruses, spyware, ransomware, and other forms of malware using signature-based detection and cloud-assisted analytics. It includes features such as real-time protection, on-demand scanning, an email shield, a Wi-Fi inspector, and behavior shields. Avast Free Antivirus offers automatic updates to ensure current protection against emerging threats. It serves as a gateway product to Avast's paid tiers, which offer additional features. The software is primarily aimed at home users who need basic antivirus protection and is available for free personal use.

Winsage

June 11, 2026

Nightmare Eclipse drops claimed BitLocker bypass for Microsoft Windows

Nightmare Eclipse has released a new zero-day vulnerability exploit called GreatXML, which allows unrestricted access to BitLocker volumes on Windows systems that have previously run a Microsoft Defender Offline scan. This discovery was made in four hours and adds to Nightmare Eclipse's total of eight zero-day vulnerabilities. Microsoft is investigating the claims related to another exploit, RoguePlanet, but has not commented on GreatXML or provided a patch timeline. Nightmare Eclipse, rumored to be a former Microsoft employee, has faced backlash from the security community for previous disclosures and has vowed to continue releasing vulnerabilities. Security expert Will Dormann has raised concerns about the practicality of the GreatXML exploit, noting that it requires administrative access and questioning the accuracy of the instructions provided by Nightmare.

Winsage

June 11, 2026

Windows 11 Sucks Slightly Less Now, Thanks To A June Update

The June update for Windows 11, identified as KB5094126 (OS Builds 26200.8655 and 26100.8655), introduces significant enhancements and numerous bug fixes and security patches. A key feature is a low-latency profile that improves responsiveness of core system elements like the Start Menu and Search by allowing the CPU to quickly reach maximum clock speed upon user interaction. This update also refines the Start Menu, improves app launch speeds, and addresses longstanding issues such as faster downloads from the Windows Store and optimized Windows Search results. New features include multi-app camera support, Shared Audio functionality for streaming to multiple Bluetooth devices, and the ability to personalize user folder names during installation. Additionally, the update resolves 206 security vulnerabilities, including a critical kernel-level remote code execution vulnerability (CVE-2026-45657) with a threat score of 9.8.

Winsage

June 10, 2026

Microsoft releases Windows 10 KB5094127 extended security update

Microsoft has released the Windows 10 KB5094127 extended security update, which addresses vulnerabilities identified during the June 2026 Patch Tuesday and enhances monitoring of updated Secure Boot certificates. Users on Windows 10 Enterprise LTSC or enrolled in the ESU program can install it via the Windows Update settings. The update upgrades Windows 10 to build 19045.7417 and Windows 10 Enterprise LTSC 2021 to build 19044.7417. It focuses on security enhancements and bug fixes, resolving a total of 200 vulnerabilities, including three zero-day flaws. Key features include improved File Explorer search functionality for Chinese text and UTF-8 encoded files, dynamic status reporting for Secure Boot states, a new policy setting to limit Secure Boot service data sent to Microsoft, and enhanced targeting data for automatic receipt of new Secure Boot certificates. A known issue may cause BitLocker recovery notifications on certain systems, particularly those with specific BitLocker Group Policy settings. Microsoft recommends removing the Group Policy setting and suspending/resuming BitLocker as a temporary fix.

Winsage

June 6, 2026

Microsoft released new Defender update for Windows 11, 10, Server ISO installations

Microsoft is rolling out updates for Windows Defender to protect users from newly discovered malware threats. These updates occur frequently, with a significant refresh every three months for Windows installation images (WIM and VHD) and ISOs. The recent Windows 11 update includes the latest definitions and addresses vulnerabilities from outdated anti-malware definitions in installation images. The latest security definitions were delivered through security intelligence update version 1.445.323.0, applicable to various platforms, including Windows 11 and several Windows Server versions. The update enhances the anti-malware client, engine, and signature versions to platform version 4.18.26040.7, engine version 1.1.26040.8, and security intelligence version 1.447.236.0. The most recent intelligence update is version 1.451.297.0, which improves threat detection against various malware types.