The state-sponsored hackers deployed custom tools and stayed dormant in the compromised environments for months.

ClickFix campaigns spread MacSync macOS infostealer via malicious Terminal commands since Nov 2025, targeting AI tool users ...

Semantic versioning gives PowerShell script changes clear meaning so you can evolve scripts quickly without letting updates devolve into chaos.

Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This ...

BlackSanta is a malware module that kills EDR and AV at the kernel level prior to unleashing the malware’s final purpose.

Sudo in Windows is a godsend.

Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor.

A new twist on the long-running ClickFix scam is now tricking Windows users into launching Windows Terminal and pasting ...

A recent malware campaign is using a trusted Windows application to launch attacks for stealing credentials via social engineering with the exploitation of the Windows Terminal with the use of Lumma ...

Microsoft reveals ClickFix campaign abusing Windows Terminal to deliver Lumma Stealer and steal browser credentials.

Overview Iranian‑aligned cyber actors pose an elevated near‑term risk due to their history of espionage, credential theft, disruptive attacks, and high‑visibility “hacktivist” and disinformation ...

IntroductionIn January 2026, Zscaler ThreatLabz observed activity by a suspected Iran-nexus threat actor targeting government officials in Iraq. ThreatLabz discovered previously undocumented malware ...