Security news aggregator

Latest coverage for PowerShell

PowerShell is Microsoft's task-automation shell and scripting platform, whose capabilities affect endpoint administration, abuse, and security controls.

6 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

PowerShell is a command-line shell and scripting language for automating administration and configuration. It began as a Windows technology and is also available on Linux and macOS; its security-relevant features include access to operating-system APIs, scripting, and remote management. Administrators and defenders use it for tasks such as configuration enforcement, log analysis, and investigation.

Because PowerShell can download, decode, and execute scripts and use trusted administrative interfaces, attackers may abuse it for execution, persistence, credential access, or lateral movement, especially after obtaining valid permissions. PowerShell itself is not inherently malicious or a universal antivirus bypass. Useful controls include applying updates to the relevant PowerShell edition and its runtime, limiting script and remoting privileges, and enabling detailed logging such as script-block and transcription logs. Security teams can correlate those records with process, authentication, and network telemetry; controls such as application allowlisting and constrained language mode can further reduce abuse, while preserving required administrative workflows.

Volume over time

Weekly headline count for the current query.

Showing 6 most recent headlines Filtered view
Bank Info Security 1 month, 4 weeks ago

Legacy Microsoft Utility Fuels New Wave of Malware

Researchers Link MSHTA Windows Utility to Lumma Stealer, ClickFix CampaignsCybercriminals continue abusing Microsoft’s legacy MSHTA utility to deliver malware, with researchers saying that the default-enabled Windows component remains a favored living-off-the-land tool for PowerShell attacks, info stealers and multi-stage malware loaders.

Bank Info Security 8 months, 3 weeks ago

Russia's Coldriver Revamps Malware to Evade Detection

Russian Intel Hackers Flexible in Face of DetectionRussia-linked threat group COLDRIVER rapidly replaced its exposed malware with a stealthier PowerShell variant, using fake CAPTCHA prompts and cryptographic key-splitting to evade detection and escalate surveillance on NGOs, dissidents and policy experts, according to new research.

Bank Info Security 10 months, 2 weeks ago

Cryptohack Roundup: El Salvador Splits Bitcoin Reserve

Also: PowerShell-Based Cryptojacking Attack, a Malvertising CampaignThis week, El Salvador split its bitcoin reserve, an Indian court jailed cops for crypto kidnapping, a PowerShell-based cryptojacking attack, a malvertising campaign targeted Android users, a Venus Protocol hack, malware hid in npm packages using smart contracts for evasion and Bunni DEX exploit.

Bank Info Security 1 year, 2 months ago

Fileless PowerShell Loader Deploys Remcos RAT

Attack Chain Uses LNK Files, MSHTA and Memory InjectionPowerShell is becoming hackers' new favorite tool since they can load code directly into computer memory and evade traditional file-based detection methods, warn security researchers. A combination of LNK-MSHTA-PowerShell offers a stealthy and effective path to execution.

Goffee Targets Russian Entities With USB-Based PowerShell MalwareA threat actor that focuses on Russian targets is spreading a new PowerShell implant that includes modules for stealing files from thumb drives and propagating itself through a USB worm. Its targets include critical infrastructure sectors such as energy, telecommunications and government.

Bank Info Security 2 years, 3 months ago

Steganography Campaign Targets Global Enterprises

Financially Motivated Threat Group Embeds Malicious Code in ImagesFinancially motivated hackers are using the oldie-but-goodie technique of hiding malicious code in digital images to target businesses in Latin America, say security researchers. One image containing a PowerShell script results in Agent Tesla being loaded on the victim computer.