Tag PowerShell

Now, Even Russia’s Top Hackers are Utilizing Clickfix to Compromise Devices

Russian Hacking Group Targets Ukrainian Organizations with Clickfix Technique A prominent hacking group linked to the Russian government has recently deployed a sophisticated cyberattack technique known as Clickfix, which has raised alarms among cybersecurity experts in Ukraine. The country’s Computer Emergency Response Team (CERT) has issued warnings about this method,…

Read MoreNow, Even Russia’s Top Hackers are Utilizing Clickfix to Compromise Devices

MS Office Built-in Feature Enables Malware Execution Without the Need for Macros

With the rapid evolution of cybercrime, traditional defenses are increasingly being overwhelmed by attacks that exploit commonly used system tools and protocols. A recent investigation by Cisco’s Talos threat research group uncovered a campaign utilizing malware-laden Microsoft Word documents capable of executing code without requiring Macro permissions or corrupting memory.…

Read MoreMS Office Built-in Feature Enables Malware Execution Without the Need for Macros

Junior Hacker Leveraged Tailscale and OpenSSH to Maintain Access After C2 Outage

Cyber Intrusion at French Automotive Firm: A Case Study of Persistent Threats Recently, a French-speaking cybercriminal infiltrated a small automotive business in France, deploying a keylogger to capture sensitive banking and email credentials. The breach, characterized by conventional tactics, took an unexpected turn with a strategic decision made towards the…

Read MoreJunior Hacker Leveraged Tailscale and OpenSSH to Maintain Access After C2 Outage

63 Newly Discovered Vulnerabilities (Including 0-Days) Windows Users Must Address Immediately

In this month’s Patch Tuesday, Microsoft released a significant round of security updates addressing 63 vulnerabilities within its products, including the Windows operating system. Among these, 12 vulnerabilities have been categorized as critical, 49 as important, one as moderate, and one as low in severity. System administrators are urged to…

Read More63 Newly Discovered Vulnerabilities (Including 0-Days) Windows Users Must Address Immediately

How a USB Speaker Can Infiltrate a PC Without Direct Interaction

In a recent cybersecurity incident involving a speaker model known as the Katana V2X, a researcher successfully manipulated its firmware to explore potential vulnerabilities. After replacing the original firmware with a modified version that displayed the word “patched” on the speaker’s LED, the researcher turned his focus to FreeRTOS—the open-source…

Read MoreHow a USB Speaker Can Infiltrate a PC Without Direct Interaction

China-Linked Storm-1175 Leverages Zero-Day Vulnerabilities for Swift Medusa Ransomware Deployment

A prominent threat group based in China has been associated with the deployment of Medusa ransomware, recently leveraging a mix of zero-day and N-day vulnerabilities to execute rapid and sophisticated attacks on vulnerable internet-facing systems. This group’s operational speed and adeptness at identifying exposed network assets have led to significant…

Read MoreChina-Linked Storm-1175 Leverages Zero-Day Vulnerabilities for Swift Medusa Ransomware Deployment

New PS1Bot Malware Campaign Utilizes Malvertising for Multi-Stage In-Memory Attacks

Aug 13, 2025
Malvertising / Cryptocurrency

Cybersecurity experts have identified a new malvertising campaign aimed at deploying a multi-stage malware framework known as PS1Bot. Researchers Edmund Brumaghin and Jordyn Dunk from Cisco Talos explained that “PS1Bot features a modular architecture, incorporating various modules for malicious activities such as information theft, keylogging, reconnaissance, and creating persistent access to compromised systems.” The design emphasizes stealth, leaving minimal traces on infected machines and using in-memory execution techniques to run subsequent modules without writing them to disk. Since early 2025, campaigns distributing this PowerShell and C# malware have actively exploited malvertising to propagate, executing modules in-memory to reduce forensic footprints.

New PS1Bot Malware Campaign Deploys Multi-Stage In-Memory Attacks via Malvertising August 13, 2025 Cybersecurity experts have uncovered a sophisticated malvertising campaign that aims to deploy a multi-stage malware framework known as PS1Bot. This threat is characterized by its modular architecture, allowing various malicious components to be executed on compromised systems.…

Read More

New PS1Bot Malware Campaign Utilizes Malvertising for Multi-Stage In-Memory Attacks

Aug 13, 2025
Malvertising / Cryptocurrency

Cybersecurity experts have identified a new malvertising campaign aimed at deploying a multi-stage malware framework known as PS1Bot. Researchers Edmund Brumaghin and Jordyn Dunk from Cisco Talos explained that “PS1Bot features a modular architecture, incorporating various modules for malicious activities such as information theft, keylogging, reconnaissance, and creating persistent access to compromised systems.” The design emphasizes stealth, leaving minimal traces on infected machines and using in-memory execution techniques to run subsequent modules without writing them to disk. Since early 2025, campaigns distributing this PowerShell and C# malware have actively exploited malvertising to propagate, executing modules in-memory to reduce forensic footprints.

Cybercriminals Utilize ClickFix Tactic and Fake CAPTCHA Pages to Distribute CORNFLAKE.V3 Backdoor

August 21, 2025
Malware / Cryptocurrency

Threat actors have been observed employing the ClickFix social engineering tactic to disseminate a versatile backdoor known as CORNFLAKE.V3. Google-owned Mandiant reported this activity, identified as UNC5518, as part of an access-as-a-service scheme that utilizes fake CAPTCHA pages to entice users into granting initial system access, which is subsequently monetized by other threat groups. “The initial infection method, referred to as ClickFix, involves tricking users on compromised websites into copying and executing a malicious PowerShell script through the Windows Run dialog,” Google detailed in a report released today. Access provided by UNC5518 is believed to be exploited by at least two distinct hacking groups, UNC5774 and UNC4108, to launch a multi-stage infection process and introduce additional payloads. UNC5774, another financially motivated group, employs CORNFLAKE to deploy various subsequent payloads. UNC4108, also a threat actor…

Cybercriminals Exploit ClickFix Strategy to Distribute CORNFLAKE.V3 Backdoor via Fake CAPTCHA Pages On August 21, 2025, cybersecurity experts reported a notable tactic employed by cybercriminals involving the deployment of a versatile backdoor, known as CORNFLAKE.V3, through a method termed ClickFix. This strategy was detailed by Mandiant, a subsidiary of Google,…

Read More

Cybercriminals Utilize ClickFix Tactic and Fake CAPTCHA Pages to Distribute CORNFLAKE.V3 Backdoor

August 21, 2025
Malware / Cryptocurrency

Threat actors have been observed employing the ClickFix social engineering tactic to disseminate a versatile backdoor known as CORNFLAKE.V3. Google-owned Mandiant reported this activity, identified as UNC5518, as part of an access-as-a-service scheme that utilizes fake CAPTCHA pages to entice users into granting initial system access, which is subsequently monetized by other threat groups. “The initial infection method, referred to as ClickFix, involves tricking users on compromised websites into copying and executing a malicious PowerShell script through the Windows Run dialog,” Google detailed in a report released today. Access provided by UNC5518 is believed to be exploited by at least two distinct hacking groups, UNC5774 and UNC4108, to launch a multi-stage infection process and introduce additional payloads. UNC5774, another financially motivated group, employs CORNFLAKE to deploy various subsequent payloads. UNC4108, also a threat actor…

Active HanGhost Loader Campaign Targets Payment and Logistics Workflows in Enterprises

Emerging HanGhost Loader Malware Targets Corporate Finance and Operations A new malware campaign centered around the HanGhost loader is making waves, specifically targeting corporate environments. This malicious initiative primarily aims at employees involved in payment processing, logistics, and contract management. With a stealthy approach designed to evade detection, HanGhost seeks…

Read MoreActive HanGhost Loader Campaign Targets Payment and Logistics Workflows in Enterprises