Tag PowerShell

April 29, 2026

New PS1Bot Malware Campaign Utilizes Malvertising for Multi-Stage In-Memory Attacks

Aug 13, 2025
Malvertising / Cryptocurrency

Cybersecurity experts have identified a new malvertising campaign aimed at deploying a multi-stage malware framework known as PS1Bot. Researchers Edmund Brumaghin and Jordyn Dunk from Cisco Talos explained that “PS1Bot features a modular architecture, incorporating various modules for malicious activities such as information theft, keylogging, reconnaissance, and creating persistent access to compromised systems.” The design emphasizes stealth, leaving minimal traces on infected machines and using in-memory execution techniques to run subsequent modules without writing them to disk. Since early 2025, campaigns distributing this PowerShell and C# malware have actively exploited malvertising to propagate, executing modules in-memory to reduce forensic footprints.

New PS1Bot Malware Campaign Deploys Multi-Stage In-Memory Attacks via Malvertising August 13, 2025 Cybersecurity experts have uncovered a sophisticated malvertising campaign that aims to deploy a multi-stage malware framework known as PS1Bot. This threat is characterized by its modular architecture, allowing various malicious components to be executed on compromised systems.…

April 24, 2026

Cybercriminals Utilize ClickFix Tactic and Fake CAPTCHA Pages to Distribute CORNFLAKE.V3 Backdoor

August 21, 2025
Malware / Cryptocurrency

Threat actors have been observed employing the ClickFix social engineering tactic to disseminate a versatile backdoor known as CORNFLAKE.V3. Google-owned Mandiant reported this activity, identified as UNC5518, as part of an access-as-a-service scheme that utilizes fake CAPTCHA pages to entice users into granting initial system access, which is subsequently monetized by other threat groups. “The initial infection method, referred to as ClickFix, involves tricking users on compromised websites into copying and executing a malicious PowerShell script through the Windows Run dialog,” Google detailed in a report released today. Access provided by UNC5518 is believed to be exploited by at least two distinct hacking groups, UNC5774 and UNC4108, to launch a multi-stage infection process and introduce additional payloads. UNC5774, another financially motivated group, employs CORNFLAKE to deploy various subsequent payloads. UNC4108, also a threat actor…

Cybercriminals Exploit ClickFix Strategy to Distribute CORNFLAKE.V3 Backdoor via Fake CAPTCHA Pages On August 21, 2025, cybersecurity experts reported a notable tactic employed by cybercriminals involving the deployment of a versatile backdoor, known as CORNFLAKE.V3, through a method termed ClickFix. This strategy was detailed by Mandiant, a subsidiary of Google,…

April 16, 2026

Active HanGhost Loader Campaign Targets Payment and Logistics Workflows in Enterprises

Emerging HanGhost Loader Malware Targets Corporate Finance and Operations A new malware campaign centered around the HanGhost loader is making waves, specifically targeting corporate environments. This malicious initiative primarily aims at employees involved in payment processing, logistics, and contract management. With a stealthy approach designed to evade detection, HanGhost seeks…

March 4, 2026

State-Sponsored Hackers Likely Targeted MS Exchange 0-Days at Approximately 10 Organizations

On Friday, Microsoft reported a significant security incident involving the exploitation of two zero-day vulnerabilities in Microsoft Exchange servers by a single threat actor group as far back as August 2022. This group successfully gained initial access through coordinated attacks targeting fewer than ten organizations worldwide. The compromises facilitated the…

March 3, 2026

Email Scam Broadly Targets GitHub Developers Using Dimnie Trojan

Open source developers utilizing GitHub have been alerted to a phishing email campaign aimed at infecting their systems with a sophisticated malware trojan known as Dimnie. This malicious software is designed to perform reconnaissance and espionage, enabling attackers to steal login credentials, download confidential files, capture screenshots, log keystrokes on…

February 19, 2026

Dragonfly 2.0: Hacking Collective Breaches Power Infrastructure in Europe and the US

The infamous hacking collective known as Dragonfly has resurfaced, renewing its focus on targeting energy sector companies in the United States and Europe. Having been active since at least 2011, this well-resourced group is notorious for its sophisticated cyber-espionage campaigns aimed at critical infrastructure, particularly within the energy domain. Research…

February 14, 2026

Russian ‘Fancy Bear’ Hackers Exploit Unpatched Microsoft Office DDE Vulnerability

Cybercriminals, notably state-sponsored hackers, have begun exploiting a newly uncovered vulnerability in Microsoft Office that the company has not classified as a security risk nor plans to address with a patch. This vulnerability involves the Dynamic Data Exchange (DDE) feature in Microsoft Office, which allows applications to share data seamlessly…

February 6, 2026

Researchers Identify New Exploit for PaperCut Vulnerability Capable of Evading Detection

Exploitation of Critical PaperCut Vulnerability Raises Alarm in Cybersecurity Community Recent findings by cybersecurity researchers have uncovered a concerning method for exploiting a recently identified critical vulnerability in PaperCut servers, which appears to outsmart existing detection mechanisms. The flaw, cataloged as CVE-2023-27350 and carrying a CVSS score of 9.8, poses…

February 5, 2026

New Ransomware Variant ‘CACTUS’ Targeting VPN Vulnerabilities to Breach Networks

New Ransomware CACTUS Exploits VPN Vulnerabilities in Ongoing Cyber Attacks Cybersecurity researchers have identified a new strain of ransomware, dubbed CACTUS, which exploits known vulnerabilities in VPN appliances to gain entry into targeted networks. This ransomware variant has primarily targeted large commercial enterprises since its emergence in March 2023. Upon…