The Hacker News

ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures

ClickFix attacks are delivering BabaDeda, Lorem Ipsum, and Potemkin loaders to deploy stealers, RATs, and ransomware-linked ...
MUO on MSN

I found PowerShell's pipeline does what batch files can't and I stopped using CMD

A single pipeline replaced fourteen lines and I never looked back.
Live Bitcoin News

Microsoft Warns of New Crypto Malware That Hijacks Wallet Transfers

Microsoft warns of CryptoBandits.A, a Tor-based Windows clipper stealing wallet data and hijacking crypto transfers.
CSO Online

Attackers abuse Google Ads, GitLab, and Claude to deliver malware

Researchers tracked a seven-week campaign that leveraged trusted platforms and AI-generated trust to trick users into ...

Urgent Windows warning issued and don't ignore it if you use Microsoft Office

An urgent alert has been issued to millions of Windows users after the discovery of a new scam that offers Office and Spotify ...
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...
Dark Reading

Fileless Phantom Stealer Targets Browser Credentials

In addition to executing entirely in memory, the malware's infection chain incorporates other anti-analysis techniques ...

Microsoft discovers new lightweight backdoor that steals cryptocurrency

Microsoft says it has detected new self-propagating malware that spreads through USB drives in search of cryptocurrency ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

Windows Subsystem for Linux gives developers a compelling reason to stick with Microsoft - here's why

WSL 3 makes staying on Windows easier, especially for developers building or running Linux-based AI, container, or dev ...

That free Spotify tutorial stole your passwords. Here’s what to do.

Criminals are running polished fake tutorial videos on social media promising free Spotify Premium, Microsoft Office and ...
CSO Online

Microsoft says web-enabled AI agents can trigger host-level RCE

Microsoft’s AutoJack research shows how a malicious webpage rendered by an AI browsing agent can reach local MCP services and ...