Who is knocking at the Dohdoor? Digital intruders with possible links to North Korea have been infecting US education and ...
A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns.
PowerShell can do far more than most users realize. Explore 10 hidden capabilities that save time, improve reporting, and supercharge your workflow.
Cisco Talos tracks UAT-10027 targeting U.S. education and healthcare with Dohdoor DoH-based backdoor and Cobalt Strike ...
Linked to North Korean fake job-recruitment campaigns, the poisoned repositories are aimed at establishing persistent C2 ...
APT28’s Operation MacroMaze used macro-laced documents and webhook.site to exfiltrate data across Europe from Sept 2025 to Jan 2026.
A hacker jailbroke Claude to steal 150GB of Mexican government data in a month-long campaign. CrowdStrike's latest threat report shows it's part of a wider pattern — and maps four domains most ...
A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more.
Attackers used “technical assessment” projects with repeatable naming conventions to blend in cloning and build workflows, retrieving loader scripts from remote infrastructure, and minimizing on-disk ...
IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign ...
ClickFix campaigns have adapted to the latest defenses with a new technique to trick users into infecting their own machines with malware.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results