Infosecurity-magazine.com

Attackers Adopt Novel LOTL Techniques to Evade Detection

Threat actors are using novel living-off-the-land (LOTL) tactics to better evade detection, according to HP Wolf’s Q2 2025 Threat Insights Report. These tactics include the growing use of multiple, ...
TechSpot

Microsoft urges customers to prepare for VBScript deprecation in their Office VBA macros

The big picture: The Windows ecosystem has offered an unparalleled level of backward compatibility for decades. However, Microsoft is now working to remove as many legacy technologies as possible in ...
WeLiveSecurity

Gamaredon in 2024: Cranking out spearphishing campaigns against Ukraine with an evolved toolset

Since Russia’s full-scale invasion of Ukraine in February 2022, cyberespionage has played a crucial role in the broader threatscape. Russia-aligned advanced persistent threat (APT) groups have ...
CSOonline

Stealth RAT uses a PowerShell loader for fileless attacks

Remcos RAT gets a stealthy upgrade as attackers ditch old office exploits for a fileless PowerShell loader that runs entirely in memory. Threat actors have been spotted using a PowerShell-based ...
TechRadar

Hackers hide malware into website images to go unnoticed

Researchers say criminals are hiding malware in images hosted on reputable websites At least two different groups were seen deploying two types of infostealers The campaigns abuse an ancient Excel ...
Dark Reading

Russia's 'BlueAlpha' APT Hides in Cloudflare Tunnels

BlueAlpha, a Russian state-sponsored advanced persistent threat (APT) group, has recently evolved its malware delivery chain to abuse Cloudflare Tunnels — with the goal of ultimately infecting victims ...
SecurityWeek

Russian Cyberespionage Group Hit 60 Victims in Asia, Europe

A Russia-linked cyberespionage group has made over 60 victims in Asia and Europe, mainly in the government, human rights, and education sectors, Recorded Future reports. Initially identified in May ...
Infosecurity-magazine.com

ClickFix Exploits Users with Fake Errors and Malicious Code

A new social engineering tactic, known as ClickFix, has emerged, using deceptive error messages to prompt users to run harmful code. The Sekoia Threat Detection ...
The Hacker News

New HTML Smuggling Campaign Delivers DCRat Malware to Russian-Speaking Users

Russian-speaking users have been targeted as part of a new campaign distributing a commodity trojan called DCRat (aka DarkCrystal RAT) by means of a technique known as HTML smuggling. The development ...
Dark Reading

GenAI Writes Malicious Code to Spread AsyncRAT

Threat actors have used generative artificial intelligence (GenAI) to write malicious code in the wild to spread an open source remote access Trojan (RAT). It's one of the first observed examples of ...
PC World

Hackers are now using AI-generated code for malware attacks

Software developers have embraced “artificial intelligence” language models for code generation in a big way, with huge gains in productivity but also some predictably dubious developments. It’s no ...