New ClickFix variant maps WebDAV drive to run trojanized WorkFlowy app, enabling stealth C2 beacon and payload delivery.

Microsoft reveals ClickFix campaign abusing Windows Terminal to deliver Lumma Stealer and steal browser credentials.

ThreatDown, the corporate business unit of Malwarebytes, today published research documenting what researchers believe to be ...

Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor.

BlackSanta is a malware module that kills EDR and AV at the kernel level prior to unleashing the malware’s final purpose.

All it took was this 2MB tool.

Signed malware backed by a stolen EV certificate deployed legitimate RMM tools to gain persistent access inside enterprise ...

A developer’s routine cleanup task reportedly turned into a disaster after a small mistake in AI-generated code wiped an entire drive. The incident, first described in a Reddit post, involved code ...

A threat actor tracked as Storm-2561 is distributing fake enterprise VPN clients from Ivanti, Cisco, and Fortinet to steal ...

Unwitting victims are now being tricked into installing malware via Windows Terminal, but some experts say this is old news.

Hackers are impersonating IT staff in Microsoft Teams to trick employees into installing malware, giving attackers stealthy ...

A ModelScope MS-Agent vulnerability allows attackers to feed malicious commands to AI agents and modify system files or steal ...