In Operation Muck and Load, over 200 GitHub repositories serve a Go module that leads to Windows malware infections.
Kaspersky says the attacks use phishing, GitHub-hosted payloads, CVE-2025-9491 LNK abuse, and Go2Tunnel-based tunneling.
Securonix says PureLogs infection starts with a fake PDF JavaScript file and uses PowerShell, fileless .NET loading, and LOLBins.
Turns out Windows already gives you all the tools you need to block distracting apps and websites—you just have to put them ...
description: The following analytic detects the execution of PowerShell scripts containing Base64 encoded content, specifically identifying the use of `FromBase64String`. It leverages PowerShell ...
Phantom Stealer phishing targets banks with fileless malware and in-memory Windows process injection. The infostealer harvests credentials, cookies, financial data, screenshots, and cryptocurrency ...
The Australian Cyber Security Centre (ACSC) has stepped in to warn users of an active attack campaign targeting Windows users with Vidar Stealer malware, which is delivered through the so-called ...
A stealthy Python-based backdoor framework capable of long-term surveillance and credential theft has been identified targeting Windows systems. According to research from Securonix, the malware, ...
Abstract: Cyber-attacks have evolved dramatically over the past decade, becoming more targeted and sophisticated. Attackers now employ various techniques, including phishing, ransomware, and Remote ...
A campaign known as Shadow#Reactor uses text-only files to deliver a Remcos remote access Trojan (RAT) to compromise victims, as opposed to a typical binary. Researchers with security vendor Securonix ...
A rare in-the-wild FileFix campaign has been observed by cybersecurity researchers, which hides a second-stage PowerShell script and encrypted executables inside JPG images. The attack, detailed in an ...