May 31, 2025Ravie LakshmananMalware / Cyber Crime A multinational law enforcement operation has resulted in the takedown of an online cybercrime syndicate that offered services to threat actors to ensure that their malicious software stayed undetected from security software. To that effect, the U.S. Department of Justice (DoJ) said it seized four domains and their associated server facilitated the crypting service on May 27, 2025, in partnership with Dutch and Finnish authorities. These include AvCheck[.]net, Cryptor[.]biz, and Crypt[.]guru, all of which now display a seizure notice. Other countries that participated in the effort include France, Germany, Denmark, Portugal, and Ukraine. "Crypting is the process of using software to make malware difficult for antivirus programs to detect," the DoJ said. "The seized domains offered services to cybercriminals, including counter-antivirus (CAV) tools. When used together, CAV and crypting services allow criminals to obfuscate malware, making it undetectable and enabling unauthorized access to computer systems." The DoJ said authorities made undercover purchases to analyze the services and confirmed that they were being used for cybercrime. In a coordinated announcement, Dutch officials characterized AvCheck as one of the largest CAV services used by bad actors around the world. According to snapshots captured by the Internet Archive, AvCheck[.]net billed itself as a "high-speed antivirus scantime checker," offering the ability for registered users to scan their files against 26 antivirus engines, as well as domains and IP addresses with 22 antivirus engines and blocklists. The domain seizures were conducted as part of Operation Endgame, an ongoing global effort launched in 2024 to dismantle cybercrime. It marks the fourth major action in recent weeks after the disruption of Lumma Stealer, DanaBot, and hundreds of domains and servers used by various malware families to deliver ransomware. "Cybercriminals don't just create malware; they perfect it for maximum destruction," said FBI Houston Special Agent in Charge Douglas Williams. "By leveraging counter-antivirus services, malicious actors refine their weapons against the world's toughest security systems to better slip past firewalls, evade forensic analysis, and wreak havoc across victims' systems." The development comes as eSentire detailed PureCrypter, a malware-as-a-service (MaaS) solution that's being used to distribute information stealers like Lumma and Rhadamanthys using the ClickFix initial access vector. Marketed on Hackforums[.]net by a threat actor named PureCoder for $159 for three months, $399 for one year, or $799 for lifetime access, the crypter is distributed using an automated Telegram channel, @ThePureBot, which also serves as a marketplace for other offerings, including PureRAT and PureLogs. Like other purveyors of such tools, PureCoder requires users to acknowledge a Terms of Service (ToS) agreement that claims the software is meant only for educational purposes and that any violations would result in immediate revocation of their access and serial key. The malware also incorporates the ability to patch the NtManageHotPatch API in memory on Windows machines running 24H2 or newer to re-enable process hollowing-based code injection. The findings demonstrate how threat actors quickly adapt and devise ways to defeat new security mechanisms. "The malware employs multiple evasion techniques including AMSI bypass, DLL unhooking, anti-VM detection, anti-debugging measures, and recently added capabilities to bypass Windows 11 24H2 security features through NtManageHotPatch API patching," the Canadian cybersecurity company said. "The developers use deceptive marketing tactics by promoting 'Fully UnDetected' (FUD) status based on AvCheck[.]net results, while VirusTotal shows detection by multiple AV/EDR solutions, revealing significant discrepancies in detection rates." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

Review  When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. AMD RX 9070 AI performance benchmark review vs 9070 XT, 7800 XT, Nvidia RTX 5070, 4070 Sayan Sen Neowin @ssc_combater007 · May 24, 2025 14:40 EDT Earlier this month, we shared the first part of our review of AMD's new RX 9070. It was about the gaming performance of the GPU, and we gave it a 7.5 out of 10. The 9070 XT, in contrast, received a full 10 out of 10. The main reason for the lower score on the non-XT was the relatively high price and thus the poorer value it offered compared to the XT. We thought the price was much closer to the XT than it needed to be. While the RX 9070 proved to be more power efficient than the XT, for a desktop gaming graphics card, value and performance typically take the front seat compared to something like power efficiency. However, that may not be the case in terms of productivity which also takes into account things like power savings. Thus, similar to the one we did for the XT model, we are doing a dedicated productivity review for the RX 9070 as well where we compare to against the 9070 XT, 7800 XT, as well as Nvidia's 5070 and 4070. AI performance is a very important metric in today's world and AMD also promised big improvements thanks to its underlying architectural improvements. We already had a taste of that with the XT model so now it's time to see how good the non-XT does here. Before we get underway, this is a collaboration between Sayan Sen (author), and Steven Parker who lent us their test PC for this review. Speaking of which, here are the specs of the test PC: Cooler Master MasterBox NR200P MAX ASRock Z790 PG-ITX/TB4 Intel Core i7-14700K with Thermal Grizzly Carbonaut Pad T-FORCE Delta RGB DDR5 (2x16GB) 7600MT/s CL36 (XMP Profile) 2TB Kingston Fury Renegade SSD Windows 11 24H2 (Build 26100.3194) Drivers used for the 7800 XT, 9070 XT and 9070 were Adrenaline v24.30.31.03 / 25.3.1 RC (press driver provided by AMD), and for the Nvidia RTX 5070 and 4070, GeForce v572.47 was used. (From the left) Sapphire Pulse 9070 XT, Nvidia 5070 FE, and Pulse 9070First up, we have Geekbench AI running on ONNX. The RTX 5070 gets beaten by both the 9070 XT and 9070 in quantized and single precision (FP32) performance. Similarly, the 4070 gets close to the 9070 in half-precision (FP16) performance, but the latter is an enormous 30% faster in quantized score and nearly 12.2% better in single precision (FP32). The reason for this beatdown is the amount of memory available to each card. The Nvidia GPUs have 12GB each and thus only do better in the FP16 precision tests since the other ones are more VRAM-intensive. Next up, we move to UL Procyon suite starting with the Image generation benchmark. We chose the Stable Diffusion XL FP16 test since this is the most intense workload available on Procyon suite. Similar to what we saw on Geekbench AI, the Nvidia GPUs to relatively better here as it is FP16 or half precision which means the used VRAM is lower. So this is something to keep in mind again, if you wish to float32 AI workloads, it is likely that graphics cards with greater than 12 GB buffers would emerge as victors. There is still a big improvement on the RX 9070 compared to the 7800 XT as we see a ~54% gain. This boost is due to improvements to the core architecture itself as VRAM capacities of both cards are the same at 16 Gigs. Following image generation, we move to the text generation benchmark. In this workload, we see the least impressive performance of the 9070 in terms of how much it improves over the 7800 XT. The former is up to ~7.25% faster here. The 9070 is also not as well-performing as the Nvidia 4070 in Phi and Mistral models, although it does do better in both the Llama tests. Another odd result stood out here where the 5070 underperformed all the cards including the 7800 XT in Llama 2. We ran each test three times and considered the best score and so we are not exactly sure what happened here. Wrapping up AI testing, we measured OpenCL throughput in Geekbench compute benchmark. The RX 9070 did not fare well here at all even falling behind the 7800 XT and it is significantly slower than the three other cards. Interestingly, even the RTX 5070 could not beat the 4070 on OpenCL so perhaps this suggests that OpenCL optimization has not been a priority for either AMD or Nvidia this time. It could also be an issue with Geekbench itself. Conclusion We reach the end of our productivity performance review of the 9070 and we have to say we are fairly impressed but there is also a slight bit of disappointment. It is clear that the 9070 as well as the 9070 XT really shine when inferencing precision is higher, and that is due to the higher memory buffers they possess compared to the Nvidia 5070. But on FP16, the Nvidia cards pull ahead. Still RNDA 4, including the RX 9070, see big boost over RDNA 3 (7800 XT). As we noted in the image generation benchmark, which is an intense load, there is over a 50% gain. So what do we make of the RX 9070 as a productivity hardware? We think it's a good card. If someone was looking for a GPU around $550 that can do both gaming and crunch through some AI tasks this is a good card to pick up especially if you are dealing with single precision situations or some other VRAM-intense tasks. And we already know it is efficient so there's that too. For those however looking for a GPU that can deal with more, AMD recently unveiled the Radeon AI PRO R9700 which is essentially a 32 GB refresh of the 9070 XT with some additional workstation-based optimizations. Considering everything, we rate AMD's RX 9070 a 9 out of 10 for its AI performance. Price is less of a factor for those looking at productivity cases compared to ones considering the GPU for gaming, and as such, we felt it did quite decent overall and can be especially handy if you need more than 12 GB. Purchase links: RX 9070 / XT (Amazon US) As an Amazon Associate we earn from qualifying purchases. Tags Report a problem with article Follow @NeowinFeed

Windows, as all but the most besotted Microsoft fans know, has historically been a security disaster. Seriously, what other program has a dedicated day each month to reveal its latest security holes? But now, Windows Recall, the AI-powered “feature” that continuously takes snapshots of your screen to create a searchable timeline of everything you do, has arrived for Copilot+ PCs running Windows 11 version 24H2 and newer. After a year of controversy and multiple delays prompted by widespread privacy and security concerns, Microsoft has significantly changed Recall’s architecture. The feature is now opt-in, requires Windows Hello biometric authentication, encrypts all snapshots locally, filters out sensitive data such as credit card numbers, and allows users to filter out specific apps or websites from being captured. I am so unimpressed. A few days ago, in the latest Patch Tuesday release, Microsoft revealed five — count ’em, five! — zero-day security holes in Windows alone. Do you expect me to trust Recall with a track record like this? Besides, even if I don’t enable the feature, what if our beloved federal government decides that for our protection, it would be better if Microsoft turned on Recall for some users? After all, it’s almost impossible to run Windows these days without having a Microsoft ID, making it easy to pick and choose who gets what “update.” Other people feel the same way. Recall remains a lightning rod for criticism. Privacy advocates and security experts continue to warn that the very nature of Recall capturing and storing everything displayed on a user’s screen every few seconds is inherently too risky. Even if you don’t use the feature yourself, what about all the people you communicate with who might have Recall turned on? How could you even know? A friend at the University of Pennsylvania told me that the school has examined Microsoft Recall and found that it “introduces substantial and unacceptable security, legality, and privacy challenges.” Sounds about right to me. Amusingly enough, Kaspersky, the Russian security company that has its own security issues, also states that you should avoid Recall. Why? Well, yes, when you first activate Recall, you are required to use biometric authentication. After that, your PIN will do nicely. Oh, and its automatic filtering of sensitive data is unreliable. Sure, it will stop taking snapshots when you’re in private mode on Chrome or Edge. Vivaldi? Not so much. And as Kaspersky points out, if you use videoconferencing with automatic transcription enabled, Recall will save a complete call transcript detailing who said what. Oh boy! Signal, the popular secure messaging program (well, secure when you use it correctly — unlike, say, the US Secretary of Defense), wants nothing to do with this. It has introduced a new “Screen security” setting in its Windows desktop app, specifically designed to protect its users from Recall. Enabled by default on Windows 11, this feature uses a Digital Rights Management (DRM) flag to stop any application, including Windows Recall, from capturing screenshots of Signal chats. When Recall or other screenshot tools try to capture Signal’s window, it will produce a blank image. Why? In a blog post, Signal explained: “Although Microsoft made several adjustments over the past twelve months in response to critical feedback, the revamped version of Recall still places any content that’s displayed within privacy-preserving apps like Signal at risk. As a result, we are enabling an extra layer of protection by default on Windows 11 in order to help maintain the security of Signal Desktop on that platform, even though it introduces some usability trade-offs. Microsoft has simply given us no other option.” Actually, you do have another option: Desktop Linux. I said it ages ago, and I’ll say it again now. If you really care about security on your desktop, you want Linux.

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. ExplorerPatcher fix bypasses Windows 11 24H2 upgrade block, and squashes two major bugs Sayan Sen Neowin @ssc_combater007 · May 23, 2025 04:06 EDT ExplorerPatcher is a popular third-party customization and tweaking app on Windows. The latest update has three major improvements for Windows 11 24H2. First up, the author has made changes so that the app can bypass the Windows 11 24H2 upgrade block. Microsoft informed earlier that 24H2 compatibility block related to customization apps was slowly being removed. With the latest update, the ExplorerPatcher developer notes that they made changes to improve the app's Desktop Window Manager compatibility with the newest Windows version by renaming the ep_dwm EXE file to ep_dwm_svc. If you remember, Microsoft started blocking third-party apps like this one back in April 2024 during Insider testing and the safeguard hold continued even after general availability. In terms of bug fixes, there are several and two of them are related to Windows 11 24H2. The feature "disable rounded corner" now works on the latest Windows feature update. If you are familiar with Windows 11, one of the many characteristics of its aesthetics is the presence of rounder corners, which Microsoft has also brought over to its other apps, although there is still clearly room for sharper edged tabs too. So many who disliked the rounded corners on Windows 11 would rely on unofficial apps like ExplorerPatcher to deal with them. Thankfully, the feature now works, as previously it would simply automatically uncheck when detecting a 24H2 build. The second improvement is about Simple Window Switcher or SWS as the developer of ExplorerPatcher refers to it. SWS is meant as an alternative to the Alt-Tab functionality on stock Windows. Unlike the "disable rounded corner" option, the SWS feature still worked, although its implementation on Windows 11 24H2 was buggy, as users experienced slowdowns and lag. Underlying code issues can often cause problems like these as recently pointed out by a senior Microsoft engineer. From the user comments, it is apparent that the window switcher feature exhibited various other issues too. One user 03juan documented the several problems they encountered in great detail. These included being stuck in an infinite loop, high CPU usage, among others. The full changelog is given below: Start10: Fixed Pin to Start on 226x1.4541+ and 261xx.2454+. sws: Added support for 24H2. ep_dwm: Added support for 24H2. ep_dwm.exe has been renamed to ep_dwm_svc.exe to get around 24H2 upgrade blocks. ep_dwm: Now always unregistered on uninstallation, regardless of whether it was running during the uninstallation or not. Setup: The failure message now displays the associated code line number that failed, to assist in troubleshooting. Taskbar10: Fixed disabling immersive menus on ARM64. Taskbar10: Fixed Win+X menu still having Windows Terminal entries when Windows Terminal is not installed, that crashes Explorer when selected. For now, if you want to have PowerShell entries, Windows Terminal must be uninstalled. Taskbar10: Fixed Win+X entry clicks doing nothing on 26xxx.5551+ ARM64. GUI: Added dropdown indicators to dropdown entries. GUI: The language names now include the country name. (3f11766) Localization: Added Czech translations. (Thanks @9hb, @andrewz1986, and @Panzimy!) Localization: Added Spanish (Spain) translations. (Thanks @AlejandroMartiGisbert!) ep_taskbar: Added support for "Show desktop button: Hidden" setting. (#4020) (1be6658) ep_taskbar: Fixed a bug that prevented shortcut global hotkeys from working on 24H2. (#3777, #4016) ep_taskbar: Fixed a bug that prevented the taskbar from resizing properly after DPI changes. (#3796) ep_taskbar: Added the following languages: German, French, Hungarian, Indonesian, Italian, Korean, Lithuanian, Dutch, Polish, Portuguese (Brazil), Romanian, Spanish (Spain), Turkish, Ukrainian, Chinese (Simplified). ep_taskbar: Fixed a number of memory leaks and code/behavior inaccuracies. ❗ ep_taskbar: Fixed incompatibility with 26200.5603 (Dev), 26120.4151 (Beta), and 26100.4188 (Release Preview). (#4321) ep_taskbar: Now supports all Windows 10 versions supported by EP (17763/1809+). (aec8c70, 1edb989) To download the latest version, 22631.5335.68, of ExplorerPatcher, head over to Neowin's software stories page or its official GitHub repo here. The ExplorerPatcher author has also cautioned that Microsoft Defender will still flag the newer versions of the app, and has provided the following PowerShell to optionally add to anti-virus exclusions: Add-MpPreference -ExclusionPath "C:\Program Files\ExplorerPatcher" Add-MpPreference -ExclusionPath "$env:APPDATA\ExplorerPatcher" Add-MpPreference -ExclusionPath "C:\Windows\dxgi.dll" Add-MpPreference -ExclusionPath "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy" Add-MpPreference -ExclusionPath "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy" Bear in mind though, that Defender serves to protect your system from dangerous malware like the recently reported Lumma, which affects nearly 400,000 systems worldwide. So if you do add exceptions manually, make sure to not let a dangerous quarantined threat out. Tags Report a problem with article Follow @NeowinFeed

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Microsoft's official support proves useless as Windows 11 KB5058411 installs fail Sayan Sen Neowin @ssc_combater007 · May 20, 2025 01:52 EDT While Patch Tuesdays bring important security updates for the Windows OS, they can often introduce major bugs. The one this month on Windows 10, KB5058379, that introduced a BitLocker recovery reboot bug, has now been resolved with KB5061768 OOB update. Alongside that, Microsoft also resolved a Windows 11 24H2 upgrade bug related to VBS with a Recovery update KB5059442. Speaking of Windows 11, users are reporting installation failures with the Windows 11 May 2025 Patch Tuesday update KB5058411 as well. Affected users say that these are failing with various error codes like 0x800f0991, 0x800f0991, 0x800f0838, 0x800736b3, and 0x800f081f. User Shukang Liang on the Microsoft support forums writes: "Problem with windows update KB5058411 Installation fails and error code 0x800f0991 comes up." The query has been upvoted by 33 other users at the time of writing. Another user PaulK671 notes 0x800736b3 and 0x800f081f errors as they write: Error 0x800736b3 and 0x800f0838 when installing KB5058411 (Windows 11 24H2 x64 update) Hello community, I’m experiencing a persistent issue when trying to install the KB5058411 cumulative update for Windows 11 Version 24H2 (x64), released on May 13, 2025 (OS Build 26100.4061). Initial symptoms: Windows Update stalls at 6% download. Then returns error 0x800f081f. After manually downloading and executing the .msu file from the Microsoft Update Catalog, I get error 0x800f0838. The CBS logs and Event Viewer also show error 0x800736b3. The thread has been upvoted by 19 people at the time of writing. Meanwhile, user Jenny-XS says they came across the 0x800f081f error code when trying to install the May '25 Patch Tuesday. Microsoft recently published a support article with a long list of Windows 11 and 10 hex error codes that lead to installation failures. Unfortunately, though, none of the codes reported by users match with the ones Microsoft has provided workarounds for. Thus, it looks like Microsoft will have to update its list sooner rather than later as clearly many hex error codes are still pending and are due for addition to its support documentation. Interestingly, one of the commenters on the 0x800f0991 error thread, ScotBirch, added that they were able to resolve the issue using the "Fix problems using Windows Update" option. Microsoft had detailed what that is and how it works back in December 2024. You can read the linked article to find out more and see if perhaps it fixes your issues too. Tags Report a problem with article Follow @NeowinFeed

In context: Nvidia recently rolled out a GeForce driver update that quietly made older Intel processors, specifically the Core 2 family, technically compatible with the latest RTX 50-series GPUs. It initially sounded like a promising "loophole" for retro PC enthusiasts, but unfortunately, things haven't played out as expected. The key to this surprising development lies in a single instruction: POPCNT, or "Population Count." This CPU-level instruction is used to calculate the number of bits set in a binary value, which is vital for many low-level operations in modern software. Until now, Nvidia's drivers required this instruction, excluding older CPUs from using the latest GPUs. However, with the new driver dropping that requirement, users can now pair their powerful RTX cards with chips that date back over 15 years. Tinkerer Bob Pony quickly tested this on X using an Intel Core 2 Quad Q9450 with an RTX 5060 Ti. He found that it "works," at least in terms of getting the system to boot into Windows 11. Sadly, things became frustrating as Pony dug deeper. While the setup worked on paper, real-world gaming performance didn't follow. Attempting to run ray-traced games like Quake II RTX led to errors and crashes. Pony stated that the "majority of games" that use ray tracing wouldn't run due to the processor lacking the required instruction sets. Screenshots confirmed the failure. As it stands, modern games, especially those with ray tracing support, rely on more than just a powerful GPU. Even if the driver no longer requires POPCNT, many games still do, preventing them from running properly. // Related Stories It's worth mentioning here that this isn't the first time POPCNT has been a hurdle for aging systems. When Microsoft began previewing Windows 11 24H2, it quietly added POPCNT as a required hardware feature alongside Secure Boot and TPM. That move alone disqualified many older processors, even if users could previously install the OS unofficially. However, all is not lost. While ray-traced titles are a no-go, there's still value in pairing a modern GPU with an older CPU for classic or mid-tier games. There might also be potential for the community to build a compatibility database by outlining which games continue to play well on quirky setups like these.

Alongside the latest security fixes, Microsoft just added a number of new features to Windows 11 via the KB5058411 update. The new Copilot+ AI feature known as Windows Recall and the ability to use Phone Link in the Start menu have been mentioned in previous articles, so we don’t need to mention them again. One of the best improvements in the update is that Windows Search now supports AI, which means—among other things—that you can now use “natural language” in your search queries to find documents, spreadsheets, presentations, and images. File Explorer also got some boosts, like how it’s now possible to view Microsoft 365 content directly in File Explorer (but requires you to pay for the service). File Explorer should also open files and unpack ZIP archives much faster, and as for the colors in the bars, the shades of blue and green are now darker than before. Other goodies in the update include Microsoft removing the blue-colored background for shortcuts on the desktop, which users complained about, as well as numerous bug fixes, which should mean that the risk of running into “blue screen” crashes has gone down. Update KB5058411 should automatically download and install to your system, assuming you’re on Windows 11 24H2. If it hasn’t yet, you should be able to jump-start it with a manual check in Windows Update. Further reading: Windows 11 24H2 is now auto-downloading on PCs