Tag: powershell
25 articles

TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands
Meet TELEPUZ, a sneaky new malware that's spreading fast via ClickFix, a clever social-engineering trick that hijacks your clipboard and tricks you into running malicious commands. This lightweight threat can steal data and execute commands, making it a rapidly developing danger you won't want to ignore.

AI-Generated Malware Targets Active Directory Environments
Criminals are now leveraging AI to create malicious software, as seen in a recent case where an attacker used an AI-assisted PowerShell script to infiltrate an Active Directory environment. This emerging threat, dubbed "vibe coding," allows attackers to generate software by simply prompting a large language model in plain language.

Blogger Platform Exploited in VEIL#DROP Malware Attack Chain
The VEIL#DROP malware attack chain starts with a sneaky JavaScript file, cleverly disguised as a harmless document, which executes through Windows Script Host and launches PowerShell with execution policy bypasses enabled. This multi-stage threat can be triggered by spear-phishing or a simple visit to a compromised website.

FortiGuard Labs Exposes Sophisticated Phishing Campaign Targeting Windows Users
Beware of a sneaky phishing campaign that's targeting Windows users with a multi-stage attack chain, starting with a seemingly harmless email attachment that unleashes a powerful malware. This stealthy threat uses clever tactics like process hollowing to inject malicious code into trusted Windows processes.

Cloud Atlas Expands Arsenal with New Tools, Payloads
Cloud Atlas is beefing up its toolkit with fresh tools and payloads, including a blast from the past - the notorious CVE-2018-0802 Microsoft Office Equation Editor vulnerability. The group is also reviving its use of ZIP archives with malicious LNK shortcuts that trigger PowerShell scripts, keeping security experts on high alert.

Iranian Hackers Target Electronics Maker in Global Espionage Push
Iran-linked hackers, known as MuddyWater, infiltrated a major South Korean electronics manufacturer's network for a week in February 2026, as part of a massive global cyber-espionage campaign targeting nine high-profile organizations across multiple sectors and countries.

GitHub Exploited in Sophisticated Malware Campaign
Malicious actors have launched a sophisticated malware campaign that exploits GitHub as a covert command-and-control channel, using trusted platforms to evade detection and wreak havoc on unsuspecting organizations. This multi-stage threat employs LNK files, embedded decoders, and PowerShell to establish persistence and exfiltrate sensitive data.

Attackers Exploit Trusted Tools to Evade Cybersecurity Defenses
When the very tools you trust to keep your network safe are turned against you, who do you turn to? Imagine your familiar admin tools being hijacked by attackers, quietly compromising your defenses and leaving you vulnerable.

Windows shortcuts: Stunning, Risky DLL Lures
A single innocent-looking Windows shortcut in a ZIP can quietly trigger PowerShell to fetch a DLL implant and let attackers run code inside trusted processes — turning everyday convenience into a stealthy compromise. Stay skeptical of unexpected archives and treat shortcut icons as potentially dangerous until verified.

FileFix campaign: Stunning Risky Steganography Threat
Imagine a threat hiding inside a photo: the FileFix campaign uses JPG steganography, a PowerShell loader and encrypted EXEs delivered via multilingual phishing to smuggle malware past traditional defenses. Stay cautious with unexpected image attachments and push for content-aware scanning and EDR to catch these layered attacks.

Living Off The Land: Stunning, Risky Evasion Techniques
Attackers are quietly blending in by weaponizing legitimate — often obscure — system tools and even image files to evade detection, forcing defenders to rethink the assumption that “known-good” equals safe. To stay ahead, organizations must expand telemetry, tighten allowlisting, and hunt for suspicious misuse of everyday binaries before trust becomes a vulnerability.

fileless malware: Deadly Exclusive Stealth Threat
Imagine fighting a ghost that leaves no footprint — attackers are running AsyncRAT entirely in memory, hiding behind trusted Windows tools like PowerShell and rundll32. Luckily, better runtime visibility, behavioral EDR and stronger identity controls can help defenders spot and stop these stealthy, fileless intrusions.

CastleRAT malware: Exclusive Dangerous C/Python Threat
A new strain of CastleRAT, now rewritten in both C and Python, is being spread via a nasty ClickFix trick that convinces users to paste malicious commands into their terminals—don’t paste commands you don’t trust. Stay skeptical of unsolicited “fixes,” verify sources, and treat pasteable commands like executable attachments.

USB-borne campaign: Critical, Risky Cryptominer Threat
A new global USB-borne campaign turns everyday thumb drives into stealthy cryptomining engines by chaining DLL hijacking with PowerShell — quietly draining CPU/GPU power and sidestepping network defenses. Treat unknown USBs as hostile: disable autorun, use scanned maintenance drives, and harden endpoints to block this low‑tech delivery of high‑tech abuse.

malvertising campaign: Exclusive Dangerous PS1Bot Threat
What if the ads you trust were actually a backdoor? A new malvertising campaign is quietly using compromised ad networks to deploy PS1Bot — a modular PowerShell malware that runs in memory, evades traditional defenses, and can turn ordinary browsers into footholds for wider attacks.

APT28 Leverages Signal Chat for BEARDSHELL Malware and COVENANT Deployment in Ukraine
APT28 exploits Signal Chat to deploy BEARDSHELL malware and COVENANT in Ukraine, enhancing their cyber capabilities amidst ongoing conflicts.

Microsoft shares script to restore inetpub folder you shouldn’t delete
Microsoft releases a script to restore the crucial inetpub folder, ensuring essential web hosting files are quickly recovered and preserved.

Multi-Stage PowerShell Attack Fuels NetSupport RAT Distribution via Fake DocuSign and Gitcode Sites
Multi-stage PowerShell attacks distribute NetSupport RAT via fake DocuSign and Gitcode sites, exposing vulnerabilities and advanced cyber-sabotage tactics.

EDDIESTEALER Variant Outmaneuvers Chrome’s Encryption to Access Browser Data
EDDIESTEALER variant bypasses Chrome encryption, accessing and exfiltrating sensitive browser data while posing significant security threats to users.

Fake AI Tools: Cybercriminals Deploy Malware Through Imitation Installers
Cybercriminals are using fake AI tools with imitation installers to deploy malware—verify all downloads and stick to trusted sources.

Fileless PowerShell Loader Deploys Remcos RAT
Fileless PowerShell loader deploys Remcos RAT, using stealthy techniques to bypass defenses and gain remote access to compromised systems.

Fileless Remcos RAT Delivered via LNK Files and MSHTA in PowerShell-Based Attacks
Fileless Remcos RAT via LNK files & MSHTA exploits PowerShell attacks. Learn detection, attack methods, and countermeasures for advanced threats.

PowerShell-Driven Deployment of Remcos RAT in a Sophisticated Fileless Attack
PowerShell drives a fileless attack deploying Remcos RAT with advanced stealth, evading detection and securing persistence via sophisticated tactics.

MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks
MintsLoader delivers GhostWeaver via phishing while ClickFix leverages DGA and TLS to execute stealth cyber attacks.