Microsoft Threat Intelligence has detected cyber threats distributing malware through the ms-appinstaller URI scheme (App Installer) since mid-November 2023. These threat actors, including Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674, used the scheme to bypass malware protection measures due to its current implementation issues. In response, Microsoft has disabled the ms-appinstaller protocol handler by default.
ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories
Bad week. Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk,
