Hackers are impersonating IT staff in Microsoft Teams to trick employees into installing malware, giving attackers stealthy access to corporate networks.

A new ClickFix attack variant uses fake CAPTCHA pages instructing victims to paste and execute malicious commands in Windows Terminal.

Malicious Chrome extensions tied to ownership transfers push malware and steal data, exposing thousands to credential theft ...

Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor.

Iran-linked Dust Specter targeted Iraqi officials using fake ministry lures and new malware families uncovered by Zscaler.

In a blog post breaking down the methodology of the attack, Malwarebytes says that the infiltration begins with what appears to be a genuine Google Account security check, from a ...

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

PCWorld reports that malicious Facebook ads are distributing malware disguised as legitimate Windows 11 upgrades, mimicking official Microsoft download pages. The sophisticated malware employs ...

Watch out for Facebook ads claiming to offer free Windows 11 upgrades. You might end up downloading malware. Antivirus provider Malwarebytes is warning about Facebook ...

A new social engineering campaign is abusing fake CAPTCHA verification pages to trick Windows users into launching StealC information-stealing malware. The attack relies on compromised websites that ...

Now that Windows 10 has reached the end of support, it's increasingly appealing to cybercriminals. While upgrading is recommended, you don't have to switch immediately—here's how you can keep your ...