Security news aggregator

Latest coverage for Antivirus

Antivirus software detects, blocks, and removes malicious code, helping reduce the risk of malware-driven data theft and system disruption.

11 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Antivirus software scans files and running processes to detect and remove malicious code such as viruses, worms, trojans, ransomware, and spyware. It uses signature databases, heuristic rules, and behavioral analysis to identify threats during real-time monitoring or scheduled scans. Regular updates to detection rules are necessary to recognize new malware variants and reduce false negatives.

While antivirus helps block many common malware infections on endpoints, it has limited effectiveness against advanced threats like fileless malware or attacks that evade signature detection. Security teams should combine antivirus with complementary tools such as endpoint detection and response (EDR) to improve visibility and threat hunting. Proper tuning is important to minimize false positives and performance impacts that can disrupt operations or obscure genuine alerts.

Showing 11 most recent headlines Filtered view

Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign that has targeted users since February 2026 with clipboard-intercepting malware with self-spreading capabilities and using the Tor anonymity network to hide communication

Threat actors associated with the DragonForce ransomware have been observed using a custom Go-based remote access trojan (RAT) called Backdoor.Turn to conceal command-and-control (C2) traffic inside Microsoft Teams relay infrastructure

Eset Links Group's Growth to Integrated Endpoint-Killing ToolsEset researchers say the rapidly growing Gentlemen ransomware operation differentiates itself by supplying affiliates with a standardized EDR-killer suite that disables security tools, quickly incorporates newly disclosed vulnerable drivers and helps scale attacks across multiple regions worldwide.

Microsoft confirmed the RoguePlanet Defender zero-day (CVE-2026-50656), a privilege escalation flaw, and is developing a security patch. Microsoft has acknowledged the RoguePlanet zero-day affecting Microsoft Defender, tracked as CVE-2026-50656 (CVSS score of 7.8). The vulnerability allows privilege escalation through the Microsoft Malware Protection Engine. The company stated it is aware of the issue and is […]

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend against supply chain attacks using Microsoft Defender and actionable threat intelligence. The post From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet appeared first on Microsoft Security Blog.

DragonForce hid for months by routing malware traffic through Microsoft Teams infrastructure, masking C2 activity and evading network detection. DragonForce ransomware operators hit a major U.S. services firm and stayed hidden for one to two months by routing their command-and-control traffic through Microsoft’s own Teams relay servers. Symantec’s threat hunters tracked the custom backdoor they […]

China-linked FishMonger used two SprySOCKS Windows variants that leveraged kernel drivers and the Print Spooler to target governments in four countries. ESET researchers have found two previously undocumented Windows versions of SprySOCKS, a backdoor that the security community had until now treated as Linux-only. Trend Micro first documented the Linux variant in September 2023 and […]

Researchers Identified Two Undocumented Variants Used Since 2023Eset uncovered two previously undocumented Windows variants of the China-linked SprySocks backdoor tied to FishMonger and iSoon, revealing expanded espionage capabilities, rootkit-based stealth and continued targeting of government organizations across Asia and Central America.