Leonardo DiCaprio movie torrent hides complex PowerShell scripts

Fake movie torrents deliver multi-stage malware without the user noticing execution stepsAgentTesla steals browser, email, ...

‘Users Must Choose’—Microsoft Confirms New Windows Security Feature

Microsoft has made security changes to one of the most popular tools bundled with Windows installations, and now users must ...
WeLiveSecurity

LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan

ESET researchers discovered a China-aligned APT group, LongNosedGoblin, which uses Group Policy to deploy cyberespionage ...
InfoWorld

React2Shell is the Log4j moment for front end development

Attackers are exploiting a Flight protocol validation failure that allows them to execute arbitrary code without ...
Infosecurity Magazine

Monitoring Tool Nezha Abused For Stealthy Post-Exploitation Access

In this campaign, Nezha is deployed as a post-exploitation remote access tool rather than malware. Because the software is ...

Orchestrating Seamless Modernization: Bharat Kumar Dokka's Enterprise-Scale SQL Server Migration

Bharat Kumar Dokka spearheaded a comprehensive enterprise-wide SQL Server migration initiative across a major client's Administration Infrastructure project, successfully modernizing multiple ...

Microsoft's December patch fixes three zero-day flaws including one critical exploited vulnerability — update your PC right now

According to Microsoft, a zero-day flaw is one that has been publicly disclosed or actively exploited while no official fix has been deployed. Bleeding Computer reports that the exploited zero-day ...

New Splunk Windows Flaw Enables Privilege Escalation Attacks

Splunk for Windows has a high-severity flaw that lets local users escalate privileges through misconfigured file permissions.

Fake MAS Windows activation domain used to spread PowerShell malware

A typosquatted domain impersonating the Microsoft Activation Scripts (MAS) tool was used to distribute malicious PowerShell ...
The Hacker News

⚡ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime & More

This weekly recap brings those stories together in one place. No overload, no noise. Read on to see what shaped the threat ...