Securonix says PureLogs infection starts with a fake PDF JavaScript file and uses PowerShell, fileless .NET loading, and LOLBins.
Armored Likho BusySnake Stealer, a Python-based infostealer first disclosed by Kaspersky, is actively targeting government ...
Kaspersky says the attacks use phishing, GitHub-hosted payloads, CVE-2025-9491 LNK abuse, and Go2Tunnel-based tunneling.
Armored Likho, a new APT group using AI-generated malware and the BusySnake Stealer to target government agencies and power ...
description: The following analytic detects the execution of PowerShell scripts containing Base64 encoded content, specifically identifying the use of `FromBase64String`. It leverages PowerShell ...
Microsoft Threat Intelligence has identified an active multi-stage intrusion campaign targeting organizations in the hospitality and hotel industry since April 2026. We’ve observed this activity ...
June 19, 2026 update: Microsoft assesses with high confidence that this activity is attributable to Sapphire Sleet, a North Korean state actor that primarily targets the financial sector. The ...
A fileless malware framework is abusing Google’s Blogspot platform to deliver PureLog Stealer directly into computer memory, sharpening concerns that trusted web services are being turned into staging ...
Microsoft has linked a major Mastra AI supply chain attack affecting 140 npm packages to North Korean hackers who deployed malware targeting crypto wallets. Freepix A sweeping software supply chain ...
In Operation Muck and Load, over 200 GitHub repositories serve a Go module that leads to Windows malware infections.
Turns out Windows already gives you all the tools you need to block distracting apps and websites—you just have to put them ...