ConsentFix and ClickFix attacks steal Microsoft 365 tokens in seconds using fake prompts and OAuth flows. Learn how these MFA ...
Securonix uncovers the Veil#Drop malware framework, which abuses compromised websites and Google Blogspot to deploy the PureLog information stealer.
A fileless malware framework has been abusing Google's Blogspot platform to deliver the PureLog Stealer entirely in memory, letting attackers steal credentials while leaving few traces on disk.
Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social ...
Windows 11 provides a rich GUI, but it also supports various command line interfaces (CLIs) through a modern Terminal app.
Kaspersky says the attacks use phishing, GitHub-hosted payloads, CVE-2025-9491 LNK abuse, and Go2Tunnel-based tunneling.
The ransomware’s use of trusted administrative tools and recovery-disruption tactics shows why containment, not just endpoint ...
Armored Likho BusySnake Stealer, a Python-based infostealer first disclosed by Kaspersky, is actively targeting government ...
LayerX found that BioShocking could trick AI browsers into leaking credentials by disguising malicious prompts as game rules.
Armored Likho, a new APT group using AI-generated malware and the BusySnake Stealer to target government agencies and power ...
The massive FortiBleed credential theft campaign has been linked to the INC and Lynx ransomware operations, suggesting the stolen Fortinet credentials were intended to fuel future network intrusions.
FortiBleed campaign targeting FortiGate firewalls is tied to INC and Lynx ransomware, with over 110 million stolen credentials linked to attacks.