Skip to main content

Tag: powershell

25 articles

Blurred laptop screen on a home office workstation with a notepad having a faint scribble nearby.

TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands

Meet TELEPUZ, a sneaky new malware that's spreading fast via ClickFix, a clever social-engineering trick that hijacks your clipboard and tricks you into running malicious commands. This lightweight threat can steal data and execute commands, making it a rapidly developing danger you won't want to ignore.

Analyst 207
Rows of computer equipment racks and monitors in a server room, with a blank laptop screen in the foreground.

AI-Generated Malware Targets Active Directory Environments

Criminals are now leveraging AI to create malicious software, as seen in a recent case where an attacker used an AI-assisted PowerShell script to infiltrate an Active Directory environment. This emerging threat, dubbed "vibe coding," allows attackers to generate software by simply prompting a large language model in plain language.

Analyst 207
Laptop on a simple desk in a home office setting with a notepad and pen nearby.

Blogger Platform Exploited in VEIL#DROP Malware Attack Chain

The VEIL#DROP malware attack chain starts with a sneaky JavaScript file, cleverly disguised as a harmless document, which executes through Windows Script Host and launches PowerShell with execution policy bypasses enabled. This multi-stage threat can be triggered by spear-phishing or a simple visit to a compromised website.

Analyst 207
Office worker sits at desk with laptop and printer in background.

FortiGuard Labs Exposes Sophisticated Phishing Campaign Targeting Windows Users

Beware of a sneaky phishing campaign that's targeting Windows users with a multi-stage attack chain, starting with a seemingly harmless email attachment that unleashes a powerful malware. This stealthy threat uses clever tactics like process hollowing to inject malicious code into trusted Windows processes.

Analyst 207
Person sitting at desk with laptop, papers, and office supplies, with files spilling from nearby cabinet.

Cloud Atlas Expands Arsenal with New Tools, Payloads

Cloud Atlas is beefing up its toolkit with fresh tools and payloads, including a blast from the past - the notorious CVE-2018-0802 Microsoft Office Equation Editor vulnerability. The group is also reviving its use of ZIP archives with malicious LNK shortcuts that trigger PowerShell scripts, keeping security experts on high alert.

Analyst 207
Interior of an electronics manufacturing facility with technicians at workstations.

Iranian Hackers Target Electronics Maker in Global Espionage Push

Iran-linked hackers, known as MuddyWater, infiltrated a major South Korean electronics manufacturer's network for a week in February 2026, as part of a massive global cyber-espionage campaign targeting nine high-profile organizations across multiple sectors and countries.

Analyst 207
GitHub Exploited in Sophisticated Malware Campaign

GitHub Exploited in Sophisticated Malware Campaign

Malicious actors have launched a sophisticated malware campaign that exploits GitHub as a covert command-and-control channel, using trusted platforms to evade detection and wreak havoc on unsuspecting organizations. This multi-stage threat employs LNK files, embedded decoders, and PowerShell to establish persistence and exfiltrate sensitive data.

Analyst 207
Attackers Exploit Trusted Tools to Evade Cybersecurity Defenses

Attackers Exploit Trusted Tools to Evade Cybersecurity Defenses

When the very tools you trust to keep your network safe are turned against you, who do you turn to? Imagine your familiar admin tools being hijacked by attackers, quietly compromising your defenses and leaving you vulnerable.

Analyst 207
Windows shortcuts: Stunning, Risky DLL Lures

Windows shortcuts: Stunning, Risky DLL Lures

A single innocent-looking Windows shortcut in a ZIP can quietly trigger PowerShell to fetch a DLL implant and let attackers run code inside trusted processes — turning everyday convenience into a stealthy compromise. Stay skeptical of unexpected archives and treat shortcut icons as potentially dangerous until verified.

Analyst 207
FileFix campaign: Stunning Risky Steganography Threat

FileFix campaign: Stunning Risky Steganography Threat

Imagine a threat hiding inside a photo: the FileFix campaign uses JPG steganography, a PowerShell loader and encrypted EXEs delivered via multilingual phishing to smuggle malware past traditional defenses. Stay cautious with unexpected image attachments and push for content-aware scanning and EDR to catch these layered attacks.

Analyst 207
Living Off The Land: Stunning, Risky Evasion Techniques

Living Off The Land: Stunning, Risky Evasion Techniques

Attackers are quietly blending in by weaponizing legitimate — often obscure — system tools and even image files to evade detection, forcing defenders to rethink the assumption that “known-good” equals safe. To stay ahead, organizations must expand telemetry, tighten allowlisting, and hunt for suspicious misuse of everyday binaries before trust becomes a vulnerability.

Analyst 207
fileless malware: Deadly Exclusive Stealth Threat

fileless malware: Deadly Exclusive Stealth Threat

Imagine fighting a ghost that leaves no footprint — attackers are running AsyncRAT entirely in memory, hiding behind trusted Windows tools like PowerShell and rundll32. Luckily, better runtime visibility, behavioral EDR and stronger identity controls can help defenders spot and stop these stealthy, fileless intrusions.

Analyst 207
CastleRAT malware: Exclusive Dangerous C/Python Threat

CastleRAT malware: Exclusive Dangerous C/Python Threat

A new strain of CastleRAT, now rewritten in both C and Python, is being spread via a nasty ClickFix trick that convinces users to paste malicious commands into their terminals—don’t paste commands you don’t trust. Stay skeptical of unsolicited “fixes,” verify sources, and treat pasteable commands like executable attachments.

Analyst 207
USB-borne campaign: Critical, Risky Cryptominer Threat

USB-borne campaign: Critical, Risky Cryptominer Threat

A new global USB-borne campaign turns everyday thumb drives into stealthy cryptomining engines by chaining DLL hijacking with PowerShell — quietly draining CPU/GPU power and sidestepping network defenses. Treat unknown USBs as hostile: disable autorun, use scanned maintenance drives, and harden endpoints to block this low‑tech delivery of high‑tech abuse.

Analyst 207
malvertising campaign: Exclusive Dangerous PS1Bot Threat

malvertising campaign: Exclusive Dangerous PS1Bot Threat

What if the ads you trust were actually a backdoor? A new malvertising campaign is quietly using compromised ad networks to deploy PS1Bot — a modular PowerShell malware that runs in memory, evades traditional defenses, and can turn ordinary browsers into footholds for wider attacks.

Analyst 207
APT28 Leverages Signal Chat for BEARDSHELL Malware and COVENANT Deployment in Ukraine

APT28 Leverages Signal Chat for BEARDSHELL Malware and COVENANT Deployment in Ukraine

APT28 exploits Signal Chat to deploy BEARDSHELL malware and COVENANT in Ukraine, enhancing their cyber capabilities amidst ongoing conflicts.

Analyst 207
Microsoft shares script to restore inetpub folder you shouldn’t delete

Microsoft shares script to restore inetpub folder you shouldn’t delete

Microsoft releases a script to restore the crucial inetpub folder, ensuring essential web hosting files are quickly recovered and preserved.

Analyst 207
Multi-Stage PowerShell Attack Fuels NetSupport RAT Distribution via Fake DocuSign and Gitcode Sites

Multi-Stage PowerShell Attack Fuels NetSupport RAT Distribution via Fake DocuSign and Gitcode Sites

Multi-stage PowerShell attacks distribute NetSupport RAT via fake DocuSign and Gitcode sites, exposing vulnerabilities and advanced cyber-sabotage tactics.

Analyst 207
EDDIESTEALER Variant Outmaneuvers Chrome’s Encryption to Access Browser Data

EDDIESTEALER Variant Outmaneuvers Chrome’s Encryption to Access Browser Data

EDDIESTEALER variant bypasses Chrome encryption, accessing and exfiltrating sensitive browser data while posing significant security threats to users.

Analyst 207
Fake AI Tools: Cybercriminals Deploy Malware Through Imitation Installers

Fake AI Tools: Cybercriminals Deploy Malware Through Imitation Installers

Cybercriminals are using fake AI tools with imitation installers to deploy malware—verify all downloads and stick to trusted sources.

Analyst 207
Fileless PowerShell Loader Deploys Remcos RAT

Fileless PowerShell Loader Deploys Remcos RAT

Fileless PowerShell loader deploys Remcos RAT, using stealthy techniques to bypass defenses and gain remote access to compromised systems.

Analyst 207
Fileless Remcos RAT Delivered via LNK Files and MSHTA in PowerShell-Based Attacks

Fileless Remcos RAT Delivered via LNK Files and MSHTA in PowerShell-Based Attacks

Fileless Remcos RAT via LNK files & MSHTA exploits PowerShell attacks. Learn detection, attack methods, and countermeasures for advanced threats.

Analyst 207
PowerShell-Driven Deployment of Remcos RAT in a Sophisticated Fileless Attack

PowerShell-Driven Deployment of Remcos RAT in a Sophisticated Fileless Attack

PowerShell drives a fileless attack deploying Remcos RAT with advanced stealth, evading detection and securing persistence via sophisticated tactics.

Analyst 207
MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks

MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks

MintsLoader delivers GhostWeaver via phishing while ClickFix leverages DGA and TLS to execute stealth cyber attacks.

Analyst 207