Microsoft

StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them

On June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) facilitated the takedown, suspension, and blocking of domains that ...
The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
CNET

Malware Has Gotten Smarter. Here's How Your Antivirus Has, Too

Antivirus software used to hunt for known malware, but now it’s predicting suspicious behavior before an attack fully lands.
Dark Reading

Fileless Phantom Stealer Targets Browser Credentials

In addition to executing entirely in memory, the malware's infection chain incorporates other anti-analysis techniques ...
Hosted on MSN

Experts warn certain file types can carry hidden malware

Tech pro ThioJoe explains why certain file types can secretly carry malware and why users should be cautious when opening them. Coffee linked to significant new side effect, says massive study Trump’s ...
GitHub

Living off the land and fileless techniques

II. Examples of "living off the land" techniques using PowerShell (i.e. download and execute straight into memory PE, DLL and PoSh scripts) III. Examples of "living off the land" techniques using ...
Digital Trends

I’m still not sold on a disc-less Xbox, but Project Helix feels inevitable now

Xbox’s next-gen console might be going fully digital. And if the latest leaks are accurate, Microsoft could finally be preparing the move it almost made more than a decade ago… before the internet ...
CSOonline

New malware turns Linux systems into P2P attack networks

Researchers found a Linux malware called QLNX that combines P2P networking, rootkits, PAM backdoors, and fileless execution to persist and evade takedowns. Attackers have found a new way to turn Linux ...
TechRepublic

New Global Scam Uses Fake Meeting Links to Run PowerShell Malware

BlueNoroff hackers used fake Zoom calls, ClickFix prompts, and fileless PowerShell malware to steal credentials from Web3 and crypto targets. A fake meeting invite is all it can take to turn a routine ...
Wired

Newly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program—and Predates Stuxnet

Researchers have finally cracked Fast16, mysterious code capable of silently tampering with calculation and simulation software. It was created in 2005—and likely deployed by the US or an ally. Vitaly ...
WeLiveSecurity

GopherWhisper: A burrow full of malware

ESET researchers have discovered a previously undocumented China-aligned APT group that we named GopherWhisper. The group wields a wide array of tools mostly written in Go, using injectors and loaders ...
Wired

AI Tools Are Helping Mediocre North Korean Hackers Steal Millions

One group of hackers used AI for everything from vibe coding their malware to creating fake company websites—and stole as much as $12 million in three months. On Wednesday, cybersecurity firm Expel ...