Advertisement
Meta Disrupts 150,000 Scam Center Accounts and Deploys New Tools
Meta disables 150,000 accounts linked to industrial-scale scam centers in Southeast Asia and introduces new protective tools against forced labor fraud.
Meta Anti-Scam Tools: Facial Recognition and WhatsApp Protection
Meta implements facial recognition and enhanced messaging warnings to combat celeb-bait ads and account takeovers across WhatsApp, Facebook, and Messenger.
InstallFix Attacks: Malvertising Spreads Fake Claude AI Code
InstallFix attacks leverage malvertising and ClickFix-style techniques to spread fake Claude AI code, targeting users of coding assistants and CLI operations.
Microsoft Teams Phishing Deploys A0Backdoor via Quick Assist
Attackers are targeting healthcare and finance employees with Microsoft Teams phishing to deploy A0Backdoor using the native Windows Quick Assist tool.
Microsoft Teams Third-Party Bot Tagging Enhances Meeting Security
Microsoft Teams updates meeting lobbies to identify third-party bots, helping administrators prevent unauthorized data collection and social engineering.
ClickFix Attack: Windows Terminal Used for Detection Evasion
The ClickFix attack leverages fake CAPTCHA pages to trick users into pasting malicious commands into Windows Terminal, bypassing traditional detection methods.
Velvet Tempest Deploys Termite Ransomware via ClickFix and CastleRAT
Velvet Tempest leverages ClickFix social engineering and CastleRAT to deploy Termite ransomware, using legitimate Windows tools for stealthy execution.
North Korean APTs Leverage AI for Enhanced IT Worker Scams
North Korean APTs are leveraging AI, including deepfakes, to enhance IT worker scams. This poses financial and reputational risks to companies hiring remote talent
Windows Terminal Exploited in ClickFix Campaign for Lumma Stealer
Microsoft identifies a new ClickFix campaign using Windows Terminal to deliver Lumma Stealer. Analysis of social engineering TTPs and mitigation steps included.
Enterprise Browser Security: Emerging Blind Spots & AI Web Tool Risks
Keep Aware's 2026 report reveals critical enterprise browser security gaps, citing AI web tool use, phishing, and extensions as major blind spots for defenders.
Fake IT Support Campaigns Deploy Customized Havoc C2 Payloads
Huntress identifies a new campaign using fake IT support lures and vishing to deploy Havoc C2 for data exfiltration and ransomware delivery.
Fake Recruiters Deploy Malware via Malicious Coding Challenges
North Korean threat actors are targeting software developers with fake job offers and malicious coding tests to deploy malware on developer workstations.