Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor.
Unwitting victims are now being tricked into installing malware via Windows Terminal, but some experts say this is old news.
VOID#GEIST malware campaign delivers XWorm, AsyncRAT, and Xeno RAT using batch scripts, Python loaders, and explorer.exe ...
In ClickFix attacks, victims are supposed to execute commands themselves to infect their systems. One campaign relies on Windows Terminal.
Get the PowerShell executable path on Windows. Check if PowerShell is accessible on Windows. This checks if the PowerShell executable exists and has execute permissions. Useful for detecting ...
Iran-linked Dust Specter targeted Iraqi officials using fake ministry lures and new malware families uncovered by Zscaler.
Master the step-by-step process to remove Microsoft Edge via PowerShell on Windows 10. Free up RAM, CPU, and storage for epic ...
A precise approach to everyday Windows breakdowns.
Signed malware backed by a stolen EV certificate deployed legitimate RMM tools to gain persistent access inside enterprise ...
IntroductionIn January 2026, Zscaler ThreatLabz observed activity by a suspected Iran-nexus threat actor targeting government officials in Iraq. ThreatLabz discovered previously undocumented malware ...
North Korean hacking group APT37 was seen deploying new implants, backdoors, and other tools in attacks targeting air-gapped ...
The Sophia Script is an open-source PowerShell module designed to debloat and fine-tune Windows 11 (and Windows 10). It is ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results