Security Boulevard

Dust Specter APT Targets Government Officials in Iraq

IntroductionIn January 2026, Zscaler ThreatLabz observed activity by a suspected Iran-nexus threat actor targeting government officials in Iraq. ThreatLabz discovered previously undocumented malware ...
Bleeping Computer

New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns. ClickFix attacks ...
Cybernews

AI-driven hacking uses booking.com and Microsoft Teams in vibe coding and “flat pack ...

AI is helping cybercriminals to rapidly assemble malware with flat-pack efficiency. It’s almost like buying a sofa from Ikea, ...

Fake CAPTCHA Scam Tricks Windows Users Into Installing Malware

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more.
Infosecurity Magazine

Fraud Investigation Reveals Sophisticated Python Malware

A sophisticated Python-based malware deployment uncovered during a fraud investigation has revealed a layered attack involving obfuscation, disposable infrastructure and commercial offensive tools.
Microsoft

Signed malware impersonating workplace apps deploys RMM backdoors

Signed malware backed by a stolen EV certificate deployed legitimate RMM tools to gain persistent access inside enterprise ...

OCRFix僵尸网络利用ClickFix技术的攻击机理

随着端点检测与响应(EDR)技术及反病毒软件的日益成熟,传统依赖于可执行文件(.exe, .dll)落地执行的恶意软件生存空间受到极大挤压。攻击者被迫不断演进其战术、技术与过程(TTPs),寻求更隐蔽的入侵途径。在此背景下,“无文件攻击”逐渐成为主流趋势,其核心特征是不在磁盘上留下明显的恶意文件实体,而是利用操作系统自带的合法管理工具(如PowerShell, WMI, PsExec等)在内存中执 ...
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...
Security Boulevard

APT37 Adds New Capabilities for Air-Gapped Networks

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign ...
eWeek

Alibaba Unleashes Qwen3.5, a 397B-Parameter Beast

Alibaba unveiled Qwen3.5, an open-weight, 397-billion-parameter mixture-of-experts model that only wakes up 17 billion neurons per prompt. The payoff? You get 60% lower inference ...

Amazon: AI-assisted hacker breached 600 FortiGate firewalls in 5 weeks

Amazon is warning that a Russian-speaking hacker used multiple generative AI services as part of a campaign that breached more than 600 FortiGate firewalls across 55 countries in five weeks.
Opinion
Business DayOpinion

The rising shadow of python malware: A national call to digital vigilance

There are moments in the evolution of a nation when a single incident, seemingly isolated, exposes a deeper and more troubling ...