powershell Archives • Page 2 of 5 • Daily CyberSecurity

Collateral Damage: Microsoft Defender Blocks Official MAS Script in Malware War Microsoft Activation Scripts block, Trojan:PowerShell/FakeMas.DA!MTB

Microsoft Activation Scripts block, Trojan:PowerShell/FakeMas.DA!MTB

Collateral Damage: Microsoft Defender Blocks Official MAS Script in Malware War

Do Son January 9, 2026

Microsoft is evidently cognizant of the Microsoft Activation Scripts (MAS), a popular open-source utility; moreover, the corporation...

The “D” is for Danger: How a Tiny Typo in MAS Activation Hijacks Your PC WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

The “D” is for Danger: How a Tiny Typo in MAS Activation Hijacks Your PC

Do Son December 26, 2025

The well-known activation tool MAS offers a PowerShell command that allows users to load an activation script...

The PowerShell Pivot: MAS Roadmap Reveals End of Batch Scripting Era MAS PowerShell migration, Windows activation roadmap

The PowerShell Pivot: MAS Roadmap Reveals End of Batch Scripting Era

Do Son December 24, 2025

The development team behind the well-known activation tool MAS recently published a blog post outlining its future...

TikTok’s “Scam-Yourself” Trap: How AuraStealer Malware Tricks Users into Hacking Their Own PCs AuraStealer, Scam-Yourself

TikTok’s “Scam-Yourself” Trap: How AuraStealer Malware Tricks Users into Hacking Their Own PCs

Do Son December 22, 2025

A deep-dive analysis by Gen Digital (Gen Threat Labs) has unveiled AuraStealer, an emerging Malware-as-a-Service (MaaS) that...

Phantom v3.5 Alert: New Info-Stealer Disguised as Adobe Update Uses SMTP to Loot Digital Lives Cemu emulator Linux malware Blitz Brigantine AOBackdoor GitHub Malware Campaign StealC Infostealer TamperedChef Malware, SEO Poisoning Carbanak malware RubyGems Supply Chain, Infostealer

Cemu emulator Linux malware Blitz Brigantine AOBackdoor GitHub Malware Campaign StealC Infostealer TamperedChef Malware, SEO Poisoning Carbanak malware RubyGems Supply Chain, Infostealer

Phantom v3.5 Alert: New Info-Stealer Disguised as Adobe Update Uses SMTP to Loot Digital Lives

Do Son December 19, 2025

A new variant of the Phantom information stealer has emerged in the wild, masquerading as a routine...

Node.js Alert: systeminformation Flaw Risks Windows RCE for 16M+ Monthly Users systeminformation RCE, Node.js Command Injection

Node.js Alert: systeminformation Flaw Risks Windows RCE for 16M+ Monthly Users

Do Son December 18, 2025

A high-severity vulnerability has been uncovered in systeminformation, a massively popular Node.js library used by millions of...

DiCaprio Movie Torrent Lures Users: Agent Tesla Deployed via Malicious LNK and Subtitle File Code Hiding Agent Tesla Movie Lure, Subtitle File Infection

Agent Tesla Movie Lure, Subtitle File Infection

DiCaprio Movie Torrent Lures Users: Agent Tesla Deployed via Malicious LNK and Subtitle File Code Hiding

Do Son December 12, 2025

Cybersecurity researchers have uncovered a new, sophisticated malware campaign targeting movie pirates with a lure they can’t...

Microsoft Patches Three Zero-Days Including Active Cloud Files UAF to SYSTEM and Copilot RCE Smart App Control blocking Armoury Crate, ROG Ally Defender false positive 2026 Microsoft Zero-Day, Cloud Files UAF Microsoft Access end of life CVE-2025-21298 Azure Vulnerabilities

Smart App Control blocking Armoury Crate, ROG Ally Defender false positive 2026 Microsoft Zero-Day, Cloud Files UAF Microsoft Access end of life CVE-2025-21298 Azure Vulnerabilities

Microsoft Patches Three Zero-Days Including Active Cloud Files UAF to SYSTEM and Copilot RCE

Do Son December 10, 2025

Microsoft has closed out the year with a substantial security update, addressing 72 vulnerabilities across its ecosystem...

JS#SMUGGLER Malware Evades EDR Using “Junk Code” JavaScript and Fileless PowerShell to Deploy NetSupport RAT JS#SMUGGLER, Junk Code Obfuscation

JS#SMUGGLER Malware Evades EDR Using “Junk Code” JavaScript and Fileless PowerShell to Deploy NetSupport RAT

Do Son December 9, 2025

A sophisticated new malware campaign has been uncovered targeting enterprise users through compromised websites, employing a complex...

Amatera Stealer Campaign Uses ClickFix to Deploy Malware, Bypassing EDR by Patching AMSI in Memory Amatera ClickFix, AMSI Bypass

Amatera Stealer Campaign Uses ClickFix to Deploy Malware, Bypassing EDR by Patching AMSI in Memory

Do Son November 18, 2025

eSentire’s Threat Response Unit (TRU) has uncovered a widespread malware operation leveraging a deceptive social-engineering technique known...

Nation-State Espionage: Airstalk Malware Hijacks VMware AirWatch (MDM) API for Covert C2 Channel

Do Son October 31, 2025

Palo Alto Networks’ Unit 42 Threat Intelligence team has uncovered a sophisticated new malware family dubbed Airstalk,...

WhatsApp antitrust API probe India SIM-Binding Mandate Messaging App KYC WhatsApp DMA Interoperability BirdyChat Haiket Denmark Social Media Ban CVE-2025-55177 WhatsApp vulnerability, zero-click flaw npm Malware, System Wipe WhatsApp Windows App, WebView2 Downgrade WhatsApp Ban, US House NSO WhatsApp, Pegasus Spyware WhatsApp iPad iPadOS app

Water Saci Evolves: Multi-Layered WhatsApp Worm Uses IMAP Email for Covert C2 and Session Hijacking

Do Son October 29, 2025

Researchers from Trend Research have identified a major evolution in the Water Saci malware campaign, marking one...

NetSupport RAT Campaign Abuses ClickFix to Infect Hosts; 3 Threat Clusters Use RMM for Covert Access TAG-150 CastleLoader, ClickFix MaaS NetSupport RAT ClickFix, Multi-Cluster RMM

TAG-150 CastleLoader, ClickFix MaaS NetSupport RAT ClickFix, Multi-Cluster RMM

NetSupport RAT Campaign Abuses ClickFix to Infect Hosts; 3 Threat Clusters Use RMM for Covert Access

Do Son October 27, 2025

eSentire’s Threat Response Unit (TRU) has exposed a major wave of malicious campaigns abusing the NetSupport Manager...

PhantomCaptcha Spyware Targets Ukraine NGOs with Fake Cloudflare Lure to Deploy WebSocket RAT

Do Son October 24, 2025

Researchers from SentinelLABS, in collaboration with the Digital Security Lab of Ukraine, have exposed a coordinated spearphishing...

Zero-Download Malware: New Cache Smuggling Phishing Attack Delivers Payload via Browser Cache DriverFixer0428, Contagious Interview Cache Smuggling, ClickFix Evasion North Korean Cyber Espionage

DriverFixer0428, Contagious Interview Cache Smuggling, ClickFix Evasion North Korean Cyber Espionage

Zero-Download Malware: New Cache Smuggling Phishing Attack Delivers Payload via Browser Cache

Do Son October 10, 2025

Security researchers from Expel have discovered a new phishing campaign that creatively blends social engineering with browser...

New LNK Malware Uses Windows LOLBins to Evade Detection Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

New LNK Malware Uses Windows LOLBins to Evade Detection

Do Son September 25, 2025

Researchers at K7 Security Labs have uncovered a new wave of Windows shortcut (.LNK) malware that exploits...

A Farewell to PowerShell 2.0: Microsoft’s Legacy Tool Is Gone from Windows 11 PowerShell 2.0, Windows 11 Removal

A Farewell to PowerShell 2.0: Microsoft’s Legacy Tool Is Gone from Windows 11

Do Son August 15, 2025

In the Windows 11 Canary Build 27981 released on July 7, Microsoft removed the outdated and insecure...

PS1Bot Malware Campaign Unleashes Modular PowerShell Framework with Stealthy New Tricks ahost.exe DLL Sideloading Signed Application Abuse PS1Bot, malware ransomware attacks bill

ahost.exe DLL Sideloading Signed Application Abuse PS1Bot, malware ransomware attacks bill

PS1Bot Malware Campaign Unleashes Modular PowerShell Framework with Stealthy New Tricks

Do Son August 14, 2025

Cisco Talos has uncovered an ongoing and highly active malware campaign deploying a sophisticated, modular framework dubbed...

Click-to-Compromise: PowerShell-Only RAT Campaign Targets Israeli Organizations PowerShell Phishing

Click-to-Compromise: PowerShell-Only RAT Campaign Targets Israeli Organizations

Do Son August 13, 2025

The FortiMail Workspace Security team has uncovered a targeted intrusion campaign against multiple Israeli organizations, exploiting compromised...

DarkCloud Rises: New Fileless Stealer Uses PowerShell & Process Hollowing to Evade Detection DarkCloud Stealer, Fileless Malware

DarkCloud Rises: New Fileless Stealer Uses PowerShell & Process Hollowing to Evade Detection

Do Son August 11, 2025

Researchers from Fortinet’s FortiGuard Labs detected a new DarkCloud campaign deploying a stealthy, fileless payload through a...

Critical Alert 1 Active Exploit Detected Today