PowerShell can do far more than most users realize. Explore 10 hidden capabilities that save time, improve reporting, and supercharge your workflow.

Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take ...

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns. ClickFix attacks ...

Microsoft uncovers OAuth phishing campaigns that abuse login redirects to deliver malware and steal credentials.

An OAuth feature is being abused in the wild to drop malware to people's computers.

Malicious Packagist Laravel packages install a cross-platform RAT enabling remote shell access and system reconnaissance via ...

A compromised Chrome extension with 7,000 users was updated to deploy malware, strip security headers, and steal cryptocurrency wallet seed phrases.

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign ...

Microsoft has identified a phishing campaign using malformed links to legitimate OAuth services to redirect to malware ...

Self-hosted agents execute code with durable credentials and process untrusted input. This creates dual supply chain risk, ...

Crims hope for payday from malicious payloads rather than stealing access tokens Microsoft has warned organizations about ...

Zscaler ThreatLabz assessed with medium to high confidence that an Iranian adversary targeted Iraq’s Ministry of Foreign ...