Attacker Uses Suspected AI-Generated PowerShell Script to Map Active Directory
Cybersecurity researchers have flagged an intrusion in which an unknown threat actor leveraged a vibe-coded PowerShell script for Active Directory (AD) enumeration
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Cybersecurity researchers have flagged an intrusion in which an unknown threat actor leveraged a vibe-coded PowerShell script for Active Directory (AD) enumeration
Researchers Link MSHTA Windows Utility to Lumma Stealer, ClickFix CampaignsCybercriminals continue abusing Microsoft’s legacy MSHTA utility to deliver malware, with researchers saying that the default-enabled Windows component remains a favored living-off-the-land tool for PowerShell attacks, info stealers and multi-stage malware loaders.
Cybersecurity researchers have disclosed details of a new campaign that combines ClickFix-style fake CAPTCHAs with a signed Microsoft Application Virtualization (App-V) script to distribute an information stealer called Amatera
The North Korean threat group is using a new PowerShell backdoor to compromise development environments and target cryptocurrency holdings, according to researchers.
Russian Intel Hackers Flexible in Face of DetectionRussia-linked threat group COLDRIVER rapidly replaced its exposed malware with a stealthier PowerShell variant, using fake CAPTCHA prompts and cryptographic key-splitting to evade detection and escalate surveillance on NGOs, dissidents and policy experts, according to new research.
Attack Chain Uses LNK Files, MSHTA and Memory InjectionPowerShell is becoming hackers' new favorite tool since they can load code directly into computer memory and evade traditional file-based detection methods, warn security researchers. A combination of LNK-MSHTA-PowerShell offers a stealthy and effective path to execution.
Cybersecurity researchers have shed light on a new malware campaign that makes use of a PowerShell-based shellcode loader to deploy a remote access trojan called Remcos RAT
Researchers discovered an attack chain that uses several layers of obfuscated batch files and PowerShell scripts to deliver an advanced and persistent rootkit.
Cybersecurity researchers are calling attention to a new phishing campaign that employs the ClickFix technique to deliver an open-source command-and-control (C2) framework called Havoc
The campaign heavily uses Dropbox folders and PowerShell scripts to evade detection and quickly scrapped infrastructure components after researchers began poking around.
Cybersecurity researchers have disclosed a new campaign that potentially targets users in the Middle East through malware that disguises itself as Palo Alto Networks GlobalProtect virtual private network (VPN) tool
Cybersecurity researchers have uncovered a never-before-seen dropper that serves as a conduit to launch next-stage malware with the ultimate goal of infecting Windows systems with information stealers and loaders
Cybersecurity researchers have uncovered a surge in malware infections stemming from malvertising campaigns distributing a loader called FakeBat
Cybersecurity researchers are warning about a new phishing campaign that targets Microsoft OneDrive users with the aim of executing a malicious PowerShell script
The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents
Financially Motivated Threat Group Embeds Malicious Code in ImagesFinancially motivated hackers are using the oldie-but-goodie technique of hiding malicious code in digital images to target businesses in Latin America, say security researchers. One image containing a PowerShell script results in Agent Tesla being loaded on the victim computer.
Active flaws in the PowerShell Gallery could be weaponized by threat actors to pull off supply chain attacks against the registry's users
Cybersecurity researchers have detailed the inner workings of the cryptocurrency stealer malware that was distributed via 13 malicious NuGet packages as part of a supply chain attack targeting .NET developers
Details have emerged about a previously undocumented and fully undetectable (FUD) PowerShell backdoor that gains its stealth by disguising itself as part of a Windows update process
The malvertiser’s use of PowerShell could push it beyond its basic capabilities to spread ransomware, spyware or steal data from browser sessions, researchers warn.