Sleep with one eye open: how Librarian Ghouls steal data by night
According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.
powershell
PureHVNC RAT Uses Fake Job Offers and PowerShell to Evade Security Defenses
A new and highly evasive malware campaign delivering the PureHVNC Remote Access Trojan (RAT) has been identified by Netskope Threat Labs, showcasing a complex multi-layer infection chain designed to bypass modern security defenses. This campaign, activ…
New Malware Spotted Corrupts Its Own Headers to Block Analysis
Fortinet spots new malware that corrupts its own headers to block forensic analysis, hide behavior, and communicate with its C2 server.
How Google Meet Pages Are Exploited to Deliver PowerShell Malware
A new wave of cyberattacks exploits user trust in Google Meet by deploying meticulously crafted fake meeting pages that trick victims into running malicious PowerShell commands. This campaign, dubbed ClickFix, leverages advanced social engineering tact…
Kimsuky APT Group Deploys PowerShell Payloads to Deliver XWorm RAT
Cybersecurity researchers have uncovered a sophisticated malware campaign orchestrated by the notorious Kimsuky Advanced Persistent Threat (APT) group, deploying intricately crafted PowerShell payloads to deliver the XWorm Remote Access Trojan (RAT). T…
New Ransomware Attack Targets Elon Musk Supporters Using PowerShell to Deploy Payloads
A newly identified ransomware campaign has emerged, seemingly targeting supporters of Elon Musk through a highly sophisticated phishing-based attack. Cybersecurity researchers have uncovered a multi-stage infection chain that begins with a deceptive PD…
Hackers Leveraging PowerShell to Bypass Antivirus and EDR Defenses
Cybersecurity researchers have uncovered a growing trend in which threat actors are exploiting Microsoft PowerShell a legitimate Windows command-line interface to bypass advanced antivirus and Endpoint Detection and Response (EDR) defenses. This techni…
Fileless Remcos RAT Attack Evades Antivirus Using PowerShell Scripts
A new wave of attacks uses PowerShell and LNK files to secretly install Remcos RAT, enabling full remote…
Lumma Stealer Upgraded with PowerShell Tools and Advanced Evasion Techniques
Sophos Managed Detection and Response (MDR) in September 2024, the notorious Lumma Stealer malware has evolved with sophisticated PowerShell tools and advanced evasion tactics, leveraging fake CAPTCHA sites to deceive users. Active since mid-2022 and o…
New StealC V2 Upgrade Targets Microsoft Installer Packages and PowerShell Scripts
StealC, a notorious information stealer and malware downloader first sold in January 2023, has rolled out its version 2 (V2) in March 2025 with sophisticated enhancements. This latest iteration introduces a range of new capabilities, focusing on advanc…