A fake ad-blocking browser extension is deliberately crashing Chrome and Edge to trick users into running malware on their own PCs.

Windows 11 KB5077221 arrives in the Canary Channel with built-in Sysmon support and updated sharing features for Insiders.

A threat actor is using Net Monitor for Employees and SimpleHelp to launch ransomware and cryptocurrency attacks.

Net Monitor allows users to customize the service and process names, and the intruder took advantage of this to disguise the agent as Microsoft OneDrive, registering the service as OneDriveSvc, naming ...

A member of the Crazy ransomware gang is abusing legitimate employee monitoring software and the SimpleHelp remote support tool to maintain persistence in corporate networks, evade detection, and ...

New research outlines how attackers bypass safeguards and why AI security must be treated as a system-wide problem.

Researchers revealed a Phorpiex-distributed phishing campaign using malicious LNK files to deploy Global Group ransomware ...

Security researchers warn of active attacks on SolarWinds Web Help Desk. Malicious actors are exploiting vulnerabilities to infiltrate systems and then ...

When Microsoft patched a vulnerability last summer that allowed threat actors to use Windows’ shortcut (.lnk) files in ...

At the same time, SolarWinds patched CVE-2025-40536, a high-severity (8.1 CVSS) security control bypass vulnerability that can allow an unauthenticated attacker to gain access to certain restricted ...

Microsoft links SolarWinds WHD exploits to RCE, lateral movement, and domain compromise in multi-stage attacks.

A complex phishing campaign uses decentralized fake PDFs that mount virtual drives to silently install the AsyncRAT malware.