Dell Wyse Converter has long been a widely used tool for converting existing hardware into managed thin clients. However, Windows 10 is approaching end of life, and Dell Wyse has not announced plans for their converter to support Windows 11. Those currently using Dell Wyse converter should be looking into alternatives in order to protect themselves against malicious threats. Threats like those illustrated in the second story, covering supply chain malware connected to GlueStack.
Dell Wyse converter and Windows 10 EoL
Dell Wyse Converter is a tool for IT departments seeking to optimize hardware by transforming Windows PCs into thin clients. Integrated with Dell’s Wyse Management Suite, it enables centralized configuration and control.
As organizations assess migration plans to Windows 11, it’s important to note that Wyse Converter currently supports only Windows 10. At the time of writing, Dell has not released a version of the software compatible with Windows 11, nor provided a roadmap for future support. This may influence infrastructure planning, particularly for environments looking to standardize on Microsoft’s latest operating system (OS).
For IT leaders, this presents a strategic decision point: whether to continue leveraging Wyse Converter within Windows 10-supported lifecycles, or begin evaluating alternative solutions that align with Windows 11.
Maintaining secure and manageable endpoints remains a top priority. With Microsoft’s Windows 10 end-of-support date set for October 2025, now is the ideal time to reassess long-term device strategy, lifecycle management, and compatibility across the organization’s hardware footprint.
Windows 11 environments and Dell Wyse converter – TL;DR
Dell Wyse Converter supports Windows 10 but is not compatible with Windows 11, with no announced plans for future support. As Windows 10 approaches end-of-life in October 2025, IT admins should assess whether to continue using Wyse Converter in the short-term or explore alternatives better aligned with Windows 11.
Supply Chain Malware connected to GlueStack targets millions globally
A recent attack has compromised multiple npm and PyPI packages linked to the GlueStack ecosystem, affecting millions of global users. Security researchers at Aikido Security identified unauthorized code inserted into the “lib/commonjs/index.js” file, enabling attackers to execute shell commands, capture screenshots, and upload files from infected systems. These compromised packages, collectively downloaded nearly 1 million times weekly, include “@gluestack-ui/utils” and various “@react-native-aria” modules.
The malicious code resembles a remote access trojan previously deployed via the “rand-user-agent” npm package, suggesting the same threat actors may be responsible. This updated trojan introduces new commands to gather system information and the host’s public IP address. Despite maintainers revoking access tokens and deprecating affected versions, the malware’s persistence mechanisms allow continued access to infected machines even after updates.
Additionally, Socket discovered two rogue npm packages—”express-api-sync” and “system-health-sync-api”—which function as destructive wipers. Disguised as legitimate utilities, these packages execute commands to delete entire application directories upon receiving specific HTTP requests.
Supply chain malware – TL;DR
A recent supply chain attack compromised multiple npm and PyPI packages in the GlueStack ecosystem, enabling remote code execution and persistent access. Linked to a known trojan, the malware gathers system data and resists removal. Two additional rogue packages acted as wipers, deleting app directories. The incident highlights the need for tighter dependency vetting and supply chain security.
Conclusion
These stories showcase the importance of keeping informed and updated. Endpoint environments are the most common targets for malicious actors, so ensuring that your security platform is up-to-date will make a massive difference in your attack surface. If you are upgrading to a Windows 11 environment, consider device conversion solutions like ThinScale’s ThinKiosk. ThinKiosk locks down the endpoint and actively prevents malware from functioning even if somehow introduced to the machine. Get in touch to learn more.
