Malware Analysis
The latest Malware Analysis coverage — news, analysis, and updates from the WindowsNews.AI desk.
SEBI warns: Boss Scam now hijacks Windows PCs to send payment orders from executives' own WhatsApp
India’s securities regulator SEBI issued an advisory on July 17 about a ‘Boss Scam’ where fraudsters compromise Windows PCs to hijack WhatsApp Web sessions and send fraudulent payment orders from executives’ authentic accounts. The attack blends social engineering, malware, and weak payment workflows, putting Windows users at the center of the risk. Immediate steps include hardening endpoints with Microsoft Defender’s Attack Surface Reduction rules and establishing verification processes that don’t rely on a single chat message.
Windows 11 Update KB5101650 Triggers 400 Hz Monitor Blackouts—Here’s What to Do
After installing Windows 11 update KB5101650, a PC Gamer journalist and other users report high-refresh-rate monitor blackouts above 240 Hz, though Microsoft has not acknowledged a bug. This article explains what the update changes, who is affected, the context of its record-breaking AI‑assisted security fixes and a separate Dell hold, and offers concrete troubleshooting steps before considering a rollback.
Windows 10 LTSB 2016 Support Ends October 13, 2026: ESU, Migration, and Replacement Options
Windows 10 Enterprise LTSB 2016 and IoT Enterprise LTSB 2016 reach end of extended support on October 13, 2026. This article explains the paid Extended Security Updates program, migration alternatives, and step-by-step preparation for IT administrators managing industrial, medical, and embedded systems.
Unpatched Windows Zero-Day Lets Standard Users Hijack Admin Registry Hives
A newly disclosed zero-day in Windows User Profile Service lets standard users load another user’s registry hive, potentially exposing admin secrets. The LegacyHive proof-of-concept works on fully updated July 2026 systems, with no official patch yet. Defenders must rely on detection and application control to contain the local privilege escalation threat.
PowerToys 0.100.0 Unveils Command Palette Extension Gallery: A User's Guide and an IT Warning
Microsoft's PowerToys 0.100.0 transforms the Command Palette into an extensible launcher with a built-in gallery for third-party extensions. While a boon for productivity, the update introduces governance challenges for enterprise environments that lack native controls to manage these add-ons.
RHEL 8/9/10: A Tiny Compressed WebSocket Message Can Crash Your Server—No Patch Yet
A high-severity libsoup vulnerability (CVE-2026-15709) allows remote attackers to crash RHEL services with a single compressed WebSocket message. No official patch is available yet. The article explains the flaw, why it matters for Windows environments that host Linux workloads, and provides step‑by‑step guidance for inventory and mitigation until a fix lands.
How a Heap Bug in libsoup Can Crash Your WSL Apps – and What Windows Admins Must Do
A newly disclosed vulnerability (CVE-2026-15712) in the libsoup library allows remote attackers to crash applications via a malformed HTTP/2 GOAWAY frame. While libsoup is a Linux component, Windows users running WSL, Docker containers, or cross-platform apps need to check their exposure and prepare for imminent patches.
Windows PCs Face a Linux-Sized Security Hole: What to Know About CVE-2026-15714
A newly disclosed vulnerability in the libsoup HTTP library (CVE-2026-15714) can crash Linux applications that parse multipart HTTP responses and potentially leak memory. For Windows users, the risk lurks inside WSL distributions, containers, and cross-platform apps—not in Windows itself. This article explains what changed, who is affected, and how to audit your Windows-connected Linux environment for the bug while patches arrive from Linux distributions.
Red Hat Flags libsoup HTTP/2 Memory Leak That Can Crash Apps—No Patch Yet
Red Hat disclosed CVE-2026-15713, a memory leak in libsoup's HTTP/2 handling that can lead to out-of-memory crashes on RHEL 8, 9, and 10. No patch is available yet, so administrators must identify affected systems, determine which applications use the library, and assess whether those applications make HTTP/2 connections to attacker-influenced peers. The flaw poses a real but conditional risk, and a structured triage approach is essential until Red Hat releases a fix.
WSL 2 Kernel Lags Behind Critical Linux IPv4 Out-of-Bounds Write Fix
Microsoft's WSL 2 kernel (6.18.35.2) trails the upstream Linux fix for CVE-2026-53366, an out-of-bounds write in IPv4 zero-copy networking. While casual use carries low risk, developers and administrators running untrusted workloads must manually check and patch their WSL 2 environments to close the gap.
Windows 11's July Update Revamps System Recovery and Bluetooth, but Blocks These Dell PCs
Microsoft's July 2026 Patch Tuesday update (KB5101650) introduces Point-in-time Restore, a full-system snapshot recovery tool, along with long-awaited Bluetooth mute synchronization, a Widgets hover fix, and a flexible update pause calendar. The update fixes 570 security vulnerabilities and addresses a storage bloat bug, but a safeguard hold blocks installation on certain Dell PCs using Intel Innovation Platform Framework drivers due to performance and power conflicts.
ValorC3 Launches Managed Veeam Backup Service for Microsoft 365 and Entra ID with Immutable Storage
ValorC3 has launched a fully managed backup service that provides immutable copies of Microsoft 365 and Entra ID data using Veeam Data Cloud. The service targets organizations that need a separate recovery path for accidental deletions and ransomware, offloading the operational burden of backup management. IT teams should evaluate their current backup coverage and consider the 14-day default retention and immutability claims when assessing the offering.
ETHS Ransomware Recovery: How Device Sweeps and System Rebuilds Are Reshaping the School Year
Evanston Township High School warns that the ransomware attack that hit on June 7 will disrupt normal back-to-school tools and processes. With classes starting August 17, families should expect new technology platforms, phased service restoration, and extensive device reviews for staff. The district continues to investigate whether personal data was accessed, and IT teams nationwide are watching the recovery closely for lessons on endpoint trust and incident communication.