Suspected Russian actor deploys CANFAIL malware via phishing, targeting Ukrainian defense, energy, and aid sectors using LLM-assisted lures.

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.

When Microsoft patched a vulnerability last summer that allowed threat actors to use Windows’ shortcut (.lnk) files in ...

The campaign exploits an Office vulnerability to deliver the modular XWorm RAT, chaining HTA, PowerShell, and in-memory .NET execution to sidestep detection and expand post-compromise control.

DEAD#VAX campaign delivers AsyncRAT via IPFS-hosted VHD phishing files, using fileless memory injection and obfuscated ...

How modern infostealers target macOS systems, leverage Python‑based stealers, and abuse trusted platforms and utilities to ...

A new open-source and cross-platform tool called Tirith can detect homoglyph attacks over command-line environments by ...

Microsoft is rolling out native Sysmon support in Windows 11 Insider builds, giving security teams built-in system monitoring ...

Researchers revealed a Phorpiex-distributed phishing campaign using malicious LNK files to deploy Global Group ransomware ...

Now Microsoft has confirmed three zero-day Windows security bypass vulnerabilities, users are warned to get their update groove on ASAP.

A threat actor is using Net Monitor for Employees and SimpleHelp to launch ransomware and cryptocurrency attacks.

This process is called a clean install, which is ironic as there's nothing particularly clean about it: Microsoft has enshittified Windows Setup.