BlackSanta is a malware module that kills EDR and AV at the kernel level prior to unleashing the malware’s final purpose.
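A: The new tactic in ClickFix attacks is to have victims use the Windows + X → I shortcut to launch Windows Terminal directly, instead of the earlier Windows + R shortcut that opens the Run dialog. This approach can evade defenses that look for anomalous Run commands and bypasses the related security awareness training.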
For more than a year, a Russian-speaking threat actor targeted human resource (HR) departments with malware that delivers a new EDR killer named BlackSanta.
Something else to worry about.
ESET researchers document how the Sednit APT group has reemerged with a modern toolkit centered on two paired implants – BeardShell and Covenant.
After several years of using simple implants, the Russia-affiliated threat actor is back with two new sophisticated malware tools.
A new ClickFix attack variant uses fake CAPTCHA pages instructing victims to paste and execute malicious commands in Windows Terminal.
A modern Task Scheduler for Windows 11 exists now, and honestly Microsoft should be embarrassed. Plus, it's free.
Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor.
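Recently, Neowin reported on a highly representative new phishing campaign that reveals how attackers use legitimate software as a vehicle to hijack users' computers. In this case, the attackers did not directly distribute executables containing malicious code; instead, they lured users into downloading and running fully legitimate software tools with valid digital signatures (such as AnyDesk, Tea ...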
Unwitting victims are now being tricked into installing malware via Windows Terminal, but some experts say this is old news.
VOID#GEIST malware campaign delivers XWorm, AsyncRAT, and Xeno RAT using batch scripts, Python loaders, and explorer.exe ...