WhatsApp malware campaign delivers VBScript and MSI backdoors
A malware campaign uses WhatsApp messages to deliver VBS scripts that initiate a multi-stage infection chain.
-
-
How Microsoft Defender protects high-value assets in real-world attack scenarios
High-value assets including domain controllers, web servers, and identity infrastructure are frequent targets in sophisticated attacks. -
Guidance for detecting, investigating, and defending against the Trivy supply chain compromise
Threat actors abused trusted Trivy distribution channels to inject credentialโstealing malware into CI/CD pipelines worldwide. -
Case study: How predictive shielding in Defender stopped GPO-based ransomware before it started
Microsoft Defender stopped a human-operated ransomware attack that abused Group Policy Objects (GPOs) to disable defenses and push encryption at scale. -
When tax season becomes cyberattack season: Phishing and malware campaigns using tax-related lures
During tax season, threat actors reliably take advantage of the urgency and familiarity of time-sensitive emails, including refund notices, payroll forms, filing reminders, and requests from tax professionals, to push malicious attachments, links, or QR codes. -
Contagious Interview: Malware delivered through fake developer job interviews
The Contagious Interview campaign weaponizes job recruitment to target developers. -
Malicious AI Assistant Extensions Harvest LLM Chat Histories
Malicious AI browser extensions collected LLM chat histories and browsing data from platforms such as ChatGPT and DeepSeek. -
Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale
Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoftโs Digital Crimes Unit (DCU) to work with Europol and industry partners to facilitate a disruption of Tycoon2FAโs infrastructure and operations. -
Signed malware impersonating workplace apps deploys RMM backdoors
Signed malware backed by a stolen EV certificate deployed legitimate RMM tools to gain persistent access inside enterprise environments. -
OAuth redirection abuse enables phishing and malware delivery
OAuth redirection is being repurposed as a phishing delivery path. -
Developer-targeting campaign using malicious Next.js repositories
A developer-targeting campaign leveraged malicious Next. -
Running OpenClaw safely: identity, isolation, and runtime risk
Self-hosted agents execute code with durable credentials and process untrusted input.
