Zip Archives

Winsage

May 5, 2026

Defender yanks root certs as Windows updates blocks backups

Microsoft's Defender anti-malware tool update version 1.449.425.0 removed two DigiCert root digital certificates, leading to false positives that flagged them as severe malware (Trojan:Win32/Cerdigent.A!dha). This incident was later identified as a false positive, and updating to version 1.449.430.0 or later reinstates the certificates. The issue may be linked to a DigiCert employee encountering disguised malware. Additionally, Windows updates from April 14 caused third-party backup applications to malfunction due to the addition of vulnerable psmounterex.sys kernel driver versions to a blocklist. Users experienced difficulties with mounting backup image files, and Microsoft referenced a vulnerability rated 9.3 out of 10 in the driver. Other affected software includes Acronis Cyber Protect Cloud and UrBackup server. Microsoft has not explained the delay in adding the vulnerable driver to the blocklist, and other recent update-related issues have also been reported.

Tech Optimizer

May 4, 2026

Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha

Microsoft Defender mistakenly flagged legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, leading to their removal from Windows systems globally. This issue arose after a Defender signature update on April 30th, with affected certificates including 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 and DDFB16CD4931C973A2037D3FC83A4D7D775D05E4. The certificates were removed from the AuthRoot store under the Registry key HKLMSOFTWAREMicrosoftSystemCertificatesAuthRootCertificates. Microsoft has addressed the issue in Security Intelligence update version 1.449.430.0, which also restored the removed certificates. The false positives were linked to detections related to a recent DigiCert breach, where threat actors obtained valid code-signing certificates used for signing malware. DigiCert revoked 60 code-signing certificates, including those linked to the "Zhong Stealer" malware campaign. The malware utilized certificates issued to companies like Lenovo and Kingston, but the certificates flagged by Microsoft Defender are root certificates and do not correspond to the revoked code-signing certificates.

AppWizard

April 30, 2026

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

A Brazilian cybercriminal group known as LofyGang has re-emerged after three years, targeting Minecraft players with malware called LofyStealer, also known as GrabBot. This malware is disguised as a Minecraft hack named 'Slinky' and uses the official game icon to attract young users. The group has been active since late 2021 and previously leaked thousands of Minecraft accounts. The attack begins with the 'Slinky' hack, which deploys LofyStealer (identified as "chromelevator.exe") to harvest sensitive information from web browsers, including cookies, passwords, and credit card information, sending this data to a command-and-control server. ZenoX reports a shift in LofyGang's tactics from JavaScript supply chain attacks to a malware-as-a-service model, offering both free and premium tiers. Cybercriminals are increasingly exploiting trusted platforms like GitHub to distribute malware through bogus repositories and various deceptive tactics, including fake security alerts and counterfeit accounts. This trend highlights a strategy focused on volume targeting rather than precision, prompting cybersecurity experts to prioritize threats from GitHub-hosted downloads that appear legitimate.

AppWizard

April 30, 2026

LofyStealer Targets Minecraft Players via Node.js Loader and Browser Injection

Minecraft players are being targeted by a deceptive hacking tool called “Slinky,” which is actually an infostealer known as LofyStealer linked to the Brazilian cybercrime group LofyGang. The malware uses a Node.js-based loader and a C++ payload to extract sensitive browser data, disguising itself as a Minecraft hack. It primarily targets younger players who may unknowingly execute it. The malware operates through a two-stage architecture, with a 53.5 MB loader binary that injects a smaller 1.4 MB payload into browser processes, bypassing detection methods. It collects sensitive information such as cookies, passwords, and credit card details, compressing and encoding the data for exfiltration. The command-and-control (C2) infrastructure is hosted in Brazil, and the malware's design reflects advanced compilation techniques. The campaign is attributed to LofyGang, which has evolved into a more professional entity, posing severe risks to players who download cheats and cracked tools. Indicators of compromise include a specific C2 IP address and associated endpoints.

AppWizard

April 30, 2026

LofyStealer Uses Node.js Loader Against Minecraft Gamers

Cybersecurity threat hunters have discovered an active infostealer campaign targeting the gaming community, involving malware called LofyStealer (or GrabBot) that disguises itself as a Minecraft hack named “Slinky.” The attackers use the official game icon to trick young gamers into executing the malware. The Brazilian cybercrime group LofyGang has enhanced its technical capabilities, utilizing a sophisticated two-stage modular architecture. The initial stage features a 53.5 MB loader file named load.exe, which is a Node.js runtime environment that obscures malicious signatures. The loader connects to the attacker’s server and decrypts a 1.4 MB C++ payload, chromelevator.exe, which targets eight web browsers to extract sensitive information like cookies and passwords. The stolen data is compressed, encrypted, and sent to the attacker’s server. LofyGang has evolved into a Malware-as-a-Service platform, offering a web panel for operators to monitor victims and generate custom executables. The campaign highlights the increasing threats to the gaming community, with advanced evasion techniques being employed by cybercriminals. Security professionals are advised to monitor network traffic and conduct audits for suspicious activities.

Winsage

April 24, 2026

Stop installing these 4 apps—Windows does it all now

Windows has evolved to integrate functionalities that were once reliant on third-party applications, such as native support for ZIP files introduced in Windows ME in 2000, and the ability to open and create RAR, TAR, and 7z formats directly from File Explorer. Features like Storage Sense have replaced the need for tools like CCleaner by allowing users to manage temporary files more easily, and the effectiveness of Windows Defender has reduced the necessity for third-party antivirus solutions. Additionally, modern Windows can mount ISO files directly, eliminating the need for applications like Daemon Tools. The trend of operating systems adopting features from third-party applications, known as "Sherlocking," reflects a response to user demands while still allowing for optional third-party solutions.

AppWizard

April 24, 2026

adidas deals from $28: Dame X Shoes, MINECRAFT SLIDES, Jamaica 26 x Bob Marley Home Jersey, more

Adidas is offering various markdowns, including: - Performance Dame X Shoes - Price not specified, previously at an unspecified amount - Men’s Jamaica 26 x Bob Marley Home Jersey - Priced at an unspecified amount, reduced from 0 - Men’s Sportswear Essentials Fleece 3-Stripes Full-Zip Hoodie - Now available for an unspecified amount, originally at an unspecified amount - Men’s Performance Italy 26 Tiro Training Pants - Now priced at an unspecified amount, down from an unspecified amount - Sportswear ADILETTE SHOWER MINECRAFT SLIDES - Available for an unspecified amount, previously at an unspecified amount Additionally, Nike Total 90 Shoes are discounted by 20%, and jogger pants start at an unspecified amount with Prime shipping.

Winsage

April 20, 2026

Original Task Manager creator explains why it lies to you about CPU usage — former Microsoft engineer shows unique solution to a seemingly simple, but actually complicated, task

Dave Plummer, a former Microsoft engineer and architect of the original Task Manager, explained the complexities of measuring CPU usage. He noted that the process is not as simple as it seems, as CPU activity can vary across different cores and the timing of measurements can influence results. The Task Manager accounts for various states of CPU activity, including user mode, kernel mode, interrupt time, deferred procedure calls, and idle loops, making the measurement of CPU utilization a complex task rather than a straightforward one.

Winsage

April 19, 2026

Fix: “Cannot Complete the Archive Extraction” in Windows

Users may encounter the error message “Cannot complete the archive extraction wizard” when using the built-in Windows extractor for ZIP or RAR files, indicating limitations of this tool. Common issues include damaged archives, incompatible compression methods, long file paths, restricted extraction locations, insufficient disk space, or interruptions from security software. To address these challenges, users can: 1. Use third-party extractors like 7-Zip, WinRAR, or PeaZip for better compatibility and success rates. 2. Check if the archive is corrupted and re-download it if necessary, ensuring the download completes fully. 3. Shorten the file path by moving the archive to a simpler directory to avoid exceeding path limits. 4. Temporarily disable antivirus or real-time protection, as it may interrupt the extraction process. If problems persist, testing the archive on a different PC can help determine if the issue is with the archive or the current system. If the archive fails on another computer, it is likely corrupted or incomplete, requiring a fresh download or replacement.

Winsage

April 18, 2026

“A solid list from the community,” as Reddit users highlight 10 open‑source apps that run great on Windows 11 and deserve more attention

Open-source software is becoming increasingly popular among Windows 11 users for its control, privacy, and avoidance of subscription models. Key applications highlighted include: - Firefox: A recommended open-source browser known for its privacy, customization, and performance, with robust extension support and regular updates. - Bitwarden: An open-source password manager that offers encrypted vault syncing across devices, end-to-end encryption, and features like password generation and autofill. - OBS Studio: A standard tool for screen recording and live streaming, praised for its flexibility and hardware acceleration support on Windows 11. - LibreOffice: A comprehensive office suite that provides document, spreadsheet, and presentation tools without subscription fees, supporting common Microsoft Office file formats. - 7-Zip: A file compression utility recognized for its speed and efficiency, offering enhanced security features not present in Windows 11's built-in archive support. - LocalSend: A file transfer tool that allows secure transfers over a local network without needing accounts or cloud services. - GIMP: An open-source image editing tool regarded as an alternative to Photoshop, known for its flexibility and extensive customization options. - Blender: An advanced open-source application for 3D modeling, animation, and video editing, benefiting from strong GPU acceleration on Windows 11. - PowerToys: A suite of productivity utilities for Windows 11 that enhances core features with tools like FancyZones and PowerRename. These applications are favored for their ability to enhance the user experience while prioritizing control, transparency, and long-term usability.