Security news aggregator

Latest coverage for PowerShell

PowerShell is Microsoft's task-automation shell and scripting platform, whose capabilities affect endpoint administration, abuse, and security controls.

3 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

PowerShell is a command-line shell and scripting language for automating administration and configuration. It began as a Windows technology and is also available on Linux and macOS; its security-relevant features include access to operating-system APIs, scripting, and remote management. Administrators and defenders use it for tasks such as configuration enforcement, log analysis, and investigation.

Because PowerShell can download, decode, and execute scripts and use trusted administrative interfaces, attackers may abuse it for execution, persistence, credential access, or lateral movement, especially after obtaining valid permissions. PowerShell itself is not inherently malicious or a universal antivirus bypass. Useful controls include applying updates to the relevant PowerShell edition and its runtime, limiting script and remoting privileges, and enabling detailed logging such as script-block and transcription logs. Security teams can correlate those records with process, authentication, and network telemetry; controls such as application allowlisting and constrained language mode can further reduce abuse, while preserving required administrative workflows.

Showing 3 most recent headlines Filtered view

The threat actor known as Storm-0249 is likely shifting from its role as an initial access broker to adopt a combination of more advanced tactics like domain spoofing, DLL side-loading, and fileless PowerShell execution to facilitate ransomware attacks