Tux Machines

Do you waddle the waddle?

Other Sites

Internet Society

Digital Coercion: How Inaccessible Design Strips Financial Privacy

When we talk about privacy online, we usually picture companies harvesting our data, platforms tracking our movements, governments peering into our accounts. We rarely picture a blind woman in Islamabad who closes her banking app because an unlabeled button has just forced her to either wait until she gets home to finish a task or do it at work and reveal her bank balance to a colleague.

The Need to Reimagine the WSIS Forum

The World Summit on the Information Society (WSIS) Forum 2026 confirmed that there is a strong appetite for global collaboration on digital development. But it also highlighted the need to rethink how the forum turns global commitments into measurable results.

How Local Peering Is Strengthening Africa’s Internet

Only 36% of people in Africa are online, according to 2025 International Telecommunication Union (ITU) estimates. But every year, more are connecting, creating new opportunities to access education, government services, information, and economic growth.

9to5Linux

MKVToolNix 100 MKV Manipulation Tool Brings New Features and Enhancements

MKVToolNix 100 (codename “Do Hot Girls Like Chords”) is here to improve the job queue in the MKVToolNix GUI with a context menu for opening copies of the selected queue jobs in the multiplexer as new settings without removing the queue jobs, and the ability to search for job descriptions, outputs, warnings, and errors.

COSMIC 1.3 Desktop Environment Released with Frosted Glass Effect

Coming two weeks after COSMIC 1.2, the COSMIC 1.3 release introduces the highly anticipated Frosted Glass effect that makes your graphical session transparent. Frosted Glass can be tweaked from the Appearance page in COSMIC Settings, under the Style section.

Clonezilla Live 3.3.3 Disk Imaging Tool Adds Reverse-Connection Network Cloning

Powered by Linux kernel 7.0.14 and based on the Debian Sid (Unstable) repository as of July 5th, 2026, Clonezilla Live 3.3.3 updates the ocs-onthefly tool with support for reverse-connection network cloning and the ability to handle setups with multiple disks that have existing partitions, and adds the network-manager-tui package to the live system so you can use NetworkManager‘s text-mode interface.

Blender 5.2 LTS Released with New Fill Tool and Thin Wall Mode, Other Changes

Highlights of Blender 5.2 LTS include a brand new Fill tool, a new Bevel node, new Geometry bundles, a new Sample Sound node to pull frequency data from audio files, support for Geometry nodes in empty objects, and support for node-based physics simulations powered by Geometry nodes.

System76 Launches Next-Gen Adder Pro Linux Laptop with 2K OLED Display

The new Adder Pro Linux laptop is a workstation-caliber horsepower featuring a durable and lightweight magnesium-aluminum alloy chassis, a vivid 15.3-inch 2K OLED glossy display with 2560×1600 resolution, 500 nits brightness, 1,000,000:1 contrast ratio, 10-bit RGB native colors (1.07 billion colors), 16:10 aspect ratio, and 165Hz refresh rate.

KDE Plasma 6.7.3 Is Out to Disable Keyboard Accent-Color Syncing by Default

Coming two weeks after KDE Plasma 6.7.2, the KDE Plasma 6.7.3 update is here to disable KDE’s Kameleon system service by default to prevent it from applying accent colors to your keyboard due to incoming support for Steam Machine’s LED strip, which will ship in KDE Plasma 6.8 and will also enable RGB keyboard backlighting support on more keyboards.

9to5Linux Weekly Roundup: July 12th, 2026

I want to thank everyone who sent us donations; your generosity is greatly appreciated. I also want to thank all of you for your continued support by commenting, liking, sharing, and boosting the articles, following us on social media, and, last but not least, sending us feedback.

Tor Project blog

New Release: Tor Browser 15.0.18

This version includes important security updates to Firefox.

LinuxGizmos.com

Clintech Pico Board exposes all 48 RP2354B GPIOs in Pico-compatible form factor

The RP2354B combines dual 150MHz Arm Cortex-M33 cores with dual Hazard3 RISC-V cores. Two processing cores can operate at a time, allowing developers to use two Arm cores, two RISC-V cores, or a mixed configuration with one of each. The microcontroller also provides 520KB of SRAM, three programmable I/O blocks with 12 PIO state machines, and 2MB of stacked in-package QSPI flash.

Tronlong TLT153-MiniEVM pairs quad-core Cortex-A7 processing with a Xuantie E907 RISC-V core

The Allwinner T153 is manufactured on a 22nm process and combines four Arm Cortex-A7 cores running at up to 1.608GHz with a 600MHz Xuantie E907 RISC-V core.

Ka-Ro QS93 and QS95 solder-down modules come with Linux evaluation boards

The QS93 is based on the NXP i.MX 9352 processor, which includes two Arm Cortex-A55 application cores running at up to 1.7GHz and a 250MHz Cortex-M33 core for real-time processing. The processor also integrates an Arm Ethos-U65 microNPU and NXP’s EdgeLock secure enclave.

news

Microsoft Windows 11 Caches Exploitable Malware

posted by Roy Schestowitz on May 15, 2024

Fishtank PC builds

Reprinted with permission from Cybershow. Author: Helen Plews.

Figure 1: Tom's Hardware: Fishtank PC builds.

Malware is often thought of as a human interaction with a digital device that causes an infection such as a virus or worm. We assume a human used bad authentication, or the human clicked the bad link, the human downloaded the malware…

So if we have anti-virus and anti-phish educational campaigns we should be well protected right? What about the technical side of cybersecurity, where the hardware, network equipment, end device or software vulnerability is the cause?

This article will examine a case where an operating system is able to automatically open and store a phishing email attachment, leading to potential compromise. In this case Windows 11 has been caching attachments locally to provide synchronisation across devices with the Outlook Application. In many cases, it has cached exploitable malware. This is a growing issue brought to light by Windows 11 users and anti-virus providers, instead of the makers at Microsoft.

Dropper Investigation

I am a life-long gamer and from experimentation over the years, I know I have the best rig, a customisable gaming PC. It’s very nice hardware it looks stunning with rainbow glowing fans and it sounds like a mini jet engine, rendering most graphics on Ultra with a graphics card which is at most 2 years old. The only issue I have had with it is in the operating system, which of course for a big gamer is Windows 11 due to its age. After just two weeks of operation I was alerted to a dropper located in my Windows Appdata folder, it was not dropping any further viruses yet as it had been caught by my expensive AV - which is why it sounds like a jet engine due to the large use of CPU!!

Was it a false positive? Well I ran the offline scan myself as my machine took 8x longer to boot. It behaved as if rebooting after a major update. There were no updates carried out, which made me suspect something amiss.

The virus location was not new to me, it is an appdata folder present in Windows 10 and Windows 11 for Windows mail in particular it processes mail syncing across devices; the full path is:

C:\Users\’Username’\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\SO\

Now I have had viruses popping up here before, in fact it has been an ongoing problem since I adopted the Windows 11 operating system (OS) in 2022 on the household laptops. Since then, both of my son’s laptops have alerted me to droppers and Trojans in the same Appdata folder. I initially assumed my children were not so good with their cybersecurity (being aged 5 and 9 that makes sense). Maybe they had clicked an email notification. Maybe they had downloaded some Trojan in the style of a game from a requested and shoddy gaming store all parents know about, stealthy and all whilst under supervision. That was until my brand new gaming rig got one.

Examining the attack timeline of my gaming rig in detail showed that a phish had been ‘clicked’ from my Hotmail account which was logged in on my Outlook App, running in the background processes (not running in my taskbar) whilst I played some epic title the night before. This ‘click’ put an infected PDF invoice on my PC, and on boot the next day activated the dropper, slowing the machine right down - which gave me a clue.

Now let's be clear about how Microsoft works, as I understand it, and why this is a gripe serious enough to warrant its own blog post.

You must sign in online to a Microsoft account to access the PC at all times, then it creates session keys for all applications that come installed as standard with the OS. So, unless you take some drastic measures I will discuss in a moment, you will undoubtedly be running sessions of Windows apps in the background; Outlook, OneDrive, Teams, Xbox, Photos, Office, Store, the list is quite extensive.

Moving on, I look for the phish email I had. According to my AV "clicked on" log, I located the suspicious subject of the email. It was something akin to;

AMAZON ACCOUNT ###U$IIHknDBWON38383y4y29~~~

Now, you do not need to be a cybersecurity expert to tell that is a phish from the subject which was located using the now foreground Outlook app. And as expected, it was unread. It showed me that within a few minutes of receiving the unread email, the attached PDF invoice was added to the Windows Communication Appdata folder, which led to the dropper found by the offline scan.

It seemed that Outlook App was saving unread attachments to the appdata folder where the virus was located. Some of the located viruses over the past two years were found on multiple devices that used the same MS credentials which unless stated otherwise, auto sync application data. That is exactly what the

microsoft.windowscommunicationsapps_8wekyb3d8bbwe

folder is for. It contains both the application data for Windows apps like Outlook to run and sync as well as data obtained in the process. I synced between my children's laptops as my account was the administrator for the network, it kept them safer online. Or so I thought.

Vulnerability Research

So I start down the usual process of researching the vulnerability to find a permanent mitigation. I find nothing at first, no CVE, no reports. I do find some details on the MS community website like this one from "2020 Trojan Found and Deleted"… but it Returns (Trojan: HTML/Phish.AB!MSR) . It is here I see the same problem and I see a response from an expert.

“The trojan is an email attachment synced to your PC. Do you have some Hotmail or Microsoft email setup in an email client applications like Outlook?” - Independent Expert, MS Community, 2020

So I search all around this topic and I cannot find anything from Microsoft about this issue right away, but I do find many victims. Anti-Virus companies, affected users and experts alike are all drawing attention to this problem. Eventually, thanks to Reddit I find a similar experience from a commentor who managed to find the reported exploit listed by Microsoft. You can find many more threads on the issue on Reddit with a search.

“Looking into the report we have a "Exploit:O97M/CVE-2017-11882.AZA!MTB" match, which doesn't seem to be that ominous since it requires the file to be executed on a non-updated Office/WordPad, still it ain't something I'd like to find lying around because the app found it was a good thing to download it, without my consent.” - JVMTG, Reddit, 2023

It is a known software error marked as severe on their own security intelligence website, with 24 exploits under the O97M CVE. I’d like to say I have more details from Microsoft but I do not, instead they offer very little default cybersecurity steps, such as "remain up to date and don’t click a phish".

This does seem rather severe. It locally caches attachments from emails including those which have not been opened to the windowscommunicationsapps folder from the Outlook App. It will then auto sync the data in the folder to all devices using the same credentials in their Outlook App on their phones, laptops, desktops, anywhere the Outlook App runs.

The only step missing for a full compromise is that infected files are auto-run… a feature I feel sure Microsoft are working on at this exact moment!

Attacks are becoming more complex, in 2022 they were able to add the dropper, which very slowly downloaded a fairly rubbish Trojan, which was easily removed. Recently there were 74 password protected files and multiple Trojans appearing as game applications in the same appdata folder. These were located only weeks after a fresh OS install and could not be explained by known activities on the machine or entirely resolved by AV due to the encryption of the folders they were located in.

Impact

Take a moment to think about how many commercial users of the Outlook application have auto-sync enabled in daily use. All those using Office 365 who sync between devices on their smartphone, personal devices and company equipment, or amongst family member's tablets and laptops. You should be concerned. And then get mad as hell, because it seems Microsoft have created their own quite special service for propagating malware, one that's been ongoing since at least 2020.

I have wasted countless hours re-installing OS’s, searching files, reading reports and researching this issue to find my only salvation in Reddit. Reddit of all places! This looks like something Microsoft rather wanted to sweep under the rug.

If you sync with Outlook App between devices with the same MS account, you are vulnerable to this malware propagation. Microsoft insist users take advantage of auto-synced features across devices and use this as a clear marketing tool especially for commercial settings. It seems my trust in this feature was misplaced.

Mitigation And Loss of Trust

Some will say that this is "just a feature" of sync. I disagree because like so many Microsoft processes it feels out of control. It does not just synchonise expected user data. It inappropriately populates and copies undocumented files into system folders and, without any knowledge or intervention from the user, replicates them across devices.

The mitigation is you must live without synchronisation in Microsoft applications. So far it has worked 100%. Turning off sync across applications does work. This can be done during an OS install by refusing all sync options when prompted. You must also make sure it is off in the account settings for the user. This can be done from the settings panel when logged on to Windows. There are many guides available like this one from Process.st. Even with sync off, you can still access email and other services using the web applications, which will sync files and emails but will not store these to the local machine.

If like myself, you have lost trust in the applications themselves, removing windows apps entirely may be more fitting, this allows the folder

microsoft.windowscommunicationsapps_8wekyb3d8bbwe

to be deleted and does not appear, like a lurking background threat at a later date just in case you change your mind. My gaming rig has only one MS app remaining, Xbox and that is the way it will stay until the situation is openly discussed by MS and the vulnerability resolved. No more Appdata Phishes please.

In summary, no amount of phishing training will prevent a bad design in the operating system. Caching malware infected attachments to system folders and replicating them is bad design in my opinion. In this case, the operating system has been phished, not the human.

Other Recent Tux Machines' Posts

Fuzzing or Fuzz Hype in Relation to Linux Bugs
recent coverage
System76 Launches Next-Gen Adder Pro Linux Laptop with 2K OLED Display
System76 launches new-generation Adder Pro Linux laptop with a 2K OLED display, up to 96GB RAM, up to 4TB storage, NVIDIA RTX 50 Series graphics, and Intel Core Ultra 7 356H.
Linux 7.2, Third RC (rc3)
now out
IBM's Trouble is Also Red Hat's Problem [original]
One can expect the PIPs ("silent layoffs") to pick up pace
KDE Plasma 6.7.3 Is Out to Disable Keyboard Accent-Color Syncing by Default
KDE Plasma 6.7.3 is now available as the third maintenance update to the KDE Plasma 6.7 desktop environment series with more improvements and bug fixes.
 
GNU/Linux on Consoles and Games (or DRM) on GNU/Linux
gaming picks
Engineer shoves Linux peg through Sega 32X-shaped hole
'Performance is abysmal, bus contention is bonkers, but it does work'
Linux.org and Linux (Kernel) Leftovers
5 more stories
Distributions and Operating Systems: Haiku, openSUSE, Ubuntu, and More
OS leftovers
Free, Libre, and Open Source Software or Sharing Leftovers
FOSS and sharing
Content Management Systems (CMS): Bear, Bugs, and WordPress/WordCamp
WWW platforms
Interoperability and Standards: General Court of the European Union (General Court), RSS, Jabber, and More
news about standards
Programming Leftovers
Development picks
Debian: Xdebug Integration, Debian 12.15 and 13.6 Released
Debian leftovers
Audiocasts/Shows: Wonders of Web Weaving, Late Night Linux, and What’s in the SOSS?
new episodes
Mozilla, Firefox, Thunderbird, and Thundermail
Some Mozilla blog posts
FSF / Software Freedom / Digital Sovereignty Leftovers
"Stop the GUARD Act", "Europe’s Digital Sovereignty"
GNU Projects: GIMP Interview with Liam Quin and Emacs News
3 picks for today
OpenBSD and FreeBSD News
3 picks regarding BSDs
Games: ScummVM, Godot, and Tech Ruining Sport
gaming picks
GNOME OS, GNOME Crosswords, and "GNOME Wants to Let You Test Experimental Features Without Breaking Anything"
GNOME news
KDE Linux, Klipper, and KeepSecret
KDE leftovers
Open Hardware/Modding: Raspberry Pi, RISC-V, and More
devices and more
Red Hat, Fedora, and the Ongoing Slop ("AI") Circus of IBM
Red Hat mostly
Applications: AppManager, Xournal++, EasyOS Graphical Installer, and More
software picks
today's howtos
Instructionals/Technical picks
Security Leftovers
patches and more
Microsoft Breaks New Record for Holes
Microsoft, well done!
United States Of America: GNU/Linux is Winning [original]
Regardless of the final score, GNU/Linux is already winning
Staying Behind to Produce More Original Stories [original]
Today or yesterday I began experimenting with a new approach
Will England Play Spain? [original]
This week we are altering workflows to increase our overall output
MKVToolNix 100 MKV Manipulation Tool Brings New Features and Enhancements
MKVToolNix 100 open-source Matroska (MKV) manipulation software is now available for download with new MKVToolNix GUI features, mkvmerge improvements, and various other chnages.
statCounter Sees GNU/Linux on 1 in 13 Laptops/Desktops [original]
GNU/Linux gaining
Android Leftovers
I stopped using Google Maps in Android Auto and switched to an open-source navigator that respects my privacy
After almost two years, KDE Plasma’s animations finally look good again on Nvidia cards
If you've used KDE Plasma on an Nvidia card lately and felt the animations weren't as smooth as they could be, it's not just you
Free and Open Source Software
This is free and open source software
Games: Best of Killer Bundle, HYPERWIRED, Pulsebreaker, and More
new from GamingOnLinux
Today in Techrights
Some of the latest articles
COSMIC 1.3 Desktop Environment Released with Frosted Glass Effect
COSMIC 1.3 desktop environment is now available with support for the Frosted Glass effect, updated components and translations, as well as various improvements and bug fixes.
Android Leftovers
LineageOS proves you can de-Google your Android phone without ruining your life
Every major Linux distro wants COSMIC, and it hasn't even finished its first year
The cool thing about Linux is that
I'm a serial Linux distro hopper - these 7 signs mean it's time to switch
If you're looking to try a different Linux distribution
Free and Open Source Software
This is free and open source software
GNU/Linux at 6% in Africa [original]
It seems clear Windows sank again
Society Needs Free Software [original]
Free software is computer software (code) that respects the liberty and will of its respective user or users
Free, Libre, and Open Source Software, the Web, and Standards
FOSS and more
Graphics, Debian, and More
today's leftovers
System76 Launches New Lemur Pro Linux Laptop with 18-Hour Battery Life
System76 launches new Lemur Pro ultraportable Linux laptop with all-day battery life, Intel Core Ultra processors, and a 16-inch variant.
Audiocasts/Shows: LINUX Unplugged and This Week in Linux
a pair of new episodes
Programming Leftovers
Development related picks
FSF / Software Freedom Updates, Slop Industry Distorts the Meaning of Digital Sovereignty
Freedom issues in the news
News About Ubuntu 26.04, Ubuntu 26.10, and "NVIDIA 610 Driver Coming Soon to the Official Ubuntu Repository"
Ubuntu leftovers
Applications: Scrcpy 4.1, Biopass, and Limine
software in GNU/Linux
today's howtos
only 3 more for now
Games: SuperTuxKart Evolution, New Steam Games Playable on the Steam Deck, and Can Counter-Strike 2 Run on GNU/Linux?
gaming leftovers
Google Summer of Code KDE Work, This Week in GNOME, and GNOME’s Built-in Night Light
KDE and GNOME leftovers
Red Hat and Fedora Leftovers
Recent Fedora and IBM news
Open Hardware/Modding: Commodore, ESP32, and More
Hardware projects
Juno Tab 4 Wi-Fi Linux Tablet Is Now Available to Order for $989 USD
Juno Computers launches the Juno Tab 4 Wi-Fi Linux-powered tablet with a 2K display, 16GB RAM, an Intel Ultra 5-115U processor, four desktop environments, and Debian GNU/Linux or Ubuntu.
New Linux Patches Reveal What Comes Next From Intel
3 new picks or recent news
Apple and GNU/Linux Containers
a pair of reports
Clonezilla Live 3.3.3 Disk Imaging Tool Adds Reverse-Connection Network Cloning
Clonezilla Live 3.3.3 disk imaging/cloning tool is now available for download with reverse-connection network cloning support, Memtest86+ 8.10, improved support for netboot clients, and more.
Blender 5.2 LTS Released with New Fill Tool and Thin Wall Mode, Other Changes
Blender 5.2 LTS open-source 3D graphics software is now available for download with new Fill tool, new Thin Wall mode, new Sample Sound node, a new Bevel node, and many other changes.
GNU/Linux Reaches 6% in Tanzania [original]
That's what statCounter is seeing anyway
Resilience Restored [original]
We envision no repetition of it
GNU/Linux "Market Share" Estimate Continues to Climb [original]
Based on the estimates from statCounter, the US plays a large part in this positive trend
today's howtos
howtos for now
Games: Denuvo DRM, CorsixTH 0.70, and More
latest from GamingOnLinux
Red Hat on Slop and Kubernetes News
redhat.com mostly
KDE Plasma 6.8 will finally fix the worst part of Spectacle
When you install Plasma, you also get excellent tools such as KDE Connect
Free and Open Source Software
This is free and open source software
Without Open Standards, Nothing Fits
LibreOffice’s Italo Vignoli argues that open standards are not just technical details
Today in Techrights
Some of the latest articles
Site Community News [original]
We are now catching up with a backlog of online news
GNU/Linux and BSD Leftovers
mostly GNU/Linux
Free, Libre, and Open Source Software Leftovers
Wireshark 4.6.7 Released; lots more
Programming Leftovers
Development related picks
Debian 13.6 “Trixie” Released with 124 Bug Fixes and 120 Security Updates
Debian 13.6 is now available for download as a new point release to Debian 13 “Trixie” with 124 bug fixes and 120 security updates.
today's howtos
Instructionals/Technical picks
Games: Diablo IV, DLSS, Steam, and More
gaming leftovers
Android Leftovers
Google Maps Immersive Navigation seems to be rolling out for Android Auto
They promised Linux Mint could replace Windows—here's 3 ways it falls short
Linux Mint is probably the most recommended Linux distribution for people switching from Windows, and for good reason
These 5 distros prove that Linux isn’t immune to bloatware
In all honesty, “bloat” is an awkward term that’s subjective, with different meanings, and it’s probably overused
Free and Open Source Software
This is free and open source software
Review: Artix 20260419
The Artix distribution is a member of the Arch Linux family
I tested COSMIC's new Frosted Glass effect, and it's way better than MacOS' Liquid Glass
This simply gorgeous Linux desktop just stole the UI crown from Apple's Liquid Glass
Rianne's August Birthday [original]
We've had time to reflect
Today in Techrights
Some of the latest articles
9to5Linux Weekly Roundup: July 12th, 2026
The 300th installment of the 9to5Linux Weekly Roundup is here for the week ending July 12th, 2026.