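ClickFix became the most commonly used initial access method last year, accounting for 47% of the attacks observed by Microsoft. The latest variant targets social media content creators: it falsely claims that a free verification badge is available and uses a video tutorial to induce users to copy authentication tokens from their browser cookies into a fake form. According to Hunt.io, the campaign, active since September 2025, involves 115 web pages and 8 data exfiltration endpoints, and its main targets are creators, monetized pages, and businesses seeking verification.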
This is Part 2 of our two-part technical analysis on the Gopher Strike and Sheet Attack campaigns. For details on the Gopher Strike campaign, go to Part 1. Introduction: In September 2025, Zscaler ...
ClickFix uses fake CAPTCHAs and a signed Microsoft App-V script to deploy Amatera stealer on enterprise Windows systems.
A new malicious campaign mixes the ClickFix method with fake CAPTCHA and a signed Microsoft Application Virtualization (App-V ...
North Korean group Konni uses AI-assisted PowerShell malware and phishing via Google ads and Discord to breach blockchain ...
North Korean hacking group Konni is now targeting blockchain engineers with artificial intelligence-generated malware.
The North Korean hacker group Konni (Opal Sleet, TA406) is using AI-generated PowerShell malware to target developers and engineers in the blockchain sector.
Not all applications are created with remote execution in mind. PowerShell provides several ways to invoke applications on ...
Learn how to design and build your own interactive menus inside your PowerShell scripts. This will help non-PowerShell users easily navigate and use them.
Struggling with PowerShell Execution Policy Error on Windows 11? Discover step-by-step solutions to resolve it safely and ...
A worker searching for an adblocker ended up installing malware instead after threat actor KongTuke pushed a fake Chrome ...
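"Today's AsyncRAT is no longer a 'toy' but a tactical payload with enterprise-grade destructive power," Lu Di, a technical expert with the Public Internet Anti-Phishing Working Group, told this newspaper in an interview. "Attackers no longer rely on traditional C2 servers; instead they break up the malicious logic, encrypt it, and hide it in OneDrive, Google ...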