PowerShell stories
A default Windows utility is giving attackers a way to run malicious scripts through trusted processes and dodge security tools.
Many small firms cannot block the attack with email or antivirus tools because it tricks staff into running malicious commands themselves.
Businesses are facing harder-to-spot intrusions as attackers use valid Microsoft 365 logins, fake AI sites and fileless malware to evade detection.
Corporate users can be compromised in under five minutes when attackers pose as help-desk staff in external Microsoft Teams chats, researchers say.
The attack kept retrying for hours after network blocks, as a scheduled task and Python proxy preserved access on the host.
AI agent workflows are being targeted by a fake OpenClaw skill that installs Remcos RAT and GhostLoader on Windows, macOS and Linux.
Attackers were exploiting a critical Weaver E-cology flaw within five days of the vendor patch, Vega said, with repeated attempts blocked.
Small defence contractors are left exposed as state-backed hackers spend years mapping supply chains and laying covert access routes before striking.
IT teams can now track fleet-wide software gaps and route deployment tasks into Jira, Freshworks and Zapier with PDQ's latest update.
IT teams can now spot missing and vulnerable software faster as PDQ expands inventory, package management and ticketing links.
Victims in healthcare, education and finance have faced Medusa ransomware within 24 hours of flaws emerging, Microsoft says.
ThreatLabz says the latest Xloader strain uses layered encryption and decoy servers to frustrate analysts while stealing browser credentials.
Businesses face credential theft and reinfection risks as DeepLoad hides inside trusted Windows processes and evades routine clean-up.
A rise in Living-Off-the-Land attacks is leaving organisations exposed to hidden internal risks, Bitdefender said as it opened the service to larger firms.
Nearly half of observed attacks never hit endpoints, pushing N-able to broaden detection across network, cloud and identity layers.
Ransomware group LeakNet adopts ClickFix lures and a Deno-based fileless loader to scale attacks and evade traditional endpoint defences.
Cloud identity compromise now drives over 80% of cyber incidents, as attackers increasingly abuse trusted accounts and workplace tools.
OpenAI brings its Codex desktop app to Windows, targeting the nearly half of professional developers who use the platform daily.
WatchGuard reports a 1,548% surge in new evasive malware and a 2,000% jump in encrypted threats, straining signature-based defences.
Governance gaps and tool sprawl are stalling Microsoft automation at scale, with most large IT teams lacking control, visibility and integration.
