Sophos says Claude Code, Cursor, and Codex triggered Windows endpoint rules for credential access, LOLBin downloads, and ...
Windows PowerShell has long been an IT administrator’s best friend — but only if you know how to use it properly. Created by Microsoft nearly two decades ago, this object-oriented automation engine ...
A threat actor has been caught using AI-generated malware in a real network intrusion, deploying a PowerShell script that an ...
Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social ...
A crucial Windows security certificate just expired - how to check your PC ...
A fileless malware framework has been abusing Google's Blogspot platform to deliver the PureLog Stealer entirely in memory, letting attackers steal credentials while leaving few traces on disk.
PureLogs Stealer uses fake PDF JavaScript files and Google's Blogger pages in the VEIL#DROP campaign, enabling fileless ...
The ransomware’s use of trusted administrative tools and recovery-disruption tactics shows why containment, not just endpoint ...
Prinz Eugen ransomware targets recently modified files first and skips ransom notes, exposing backup, EDR, and incident ...
Armored Likho BusySnake Stealer, a Python-based infostealer first disclosed by Kaspersky, is actively targeting government ...
Kaspersky says the attacks use phishing, GitHub-hosted payloads, CVE-2025-9491 LNK abuse, and Go2Tunnel-based tunneling.
ConsentFix and ClickFix attacks steal Microsoft 365 tokens in seconds using fake prompts and OAuth flows. Learn how these MFA ...