Tag: powershell
-
Threat Actors Exploit Oracle Database Scheduler to Infiltrate Corporate Networks
Threat actors have begun exploiting the Oracle Database Scheduler’s External Jobs feature to execute arbitrary commands on corporate database servers, enabling stealthy initial footholds and rapid escalation of privileges. By abusing the extjobo.exe executable, attackers can run encoded PowerShell commands, establish encrypted tunnels with Ngrok, and deploy ransomware, all while evading detection through aggressive cleanup…
-
Weaponized ScreenConnect App Spreads AsyncRAT and PowerShell RAT
Remote Monitoring and Management tools such as ConnectWise ScreenConnect have earned a reputation for simplifying IT administration, but they have also drawn the attention of sophisticated attackers. By abusing ScreenConnect’s trusted installation footprint and deep system privileges, adversaries are now trojanizing installers to deploy dual Remote Access Trojans (RATs)”, AsyncRAT and a custom PowerShell RAT”,…
-
New Loader “CountLoader” Uses PDFs to Launch Ransomware Attacks
Security researchers have uncovered a sophisticated new malware loader called >>CountLoader
-
Stealth in Plain Sight: Cryptojackers Hijack PowerShell and Windows Processes to Evade Detection
Darktrace researchers uncovered a sophisticated cryptojacking attempt using PowerShell scripts to inject NBMiner into Windows processes. Experts warn that modern cryptomining malware is more than a nuisance”, posing risks to productivity, data security, and energy costs while exploiting “living off the land” tactics to evade detection. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/stealth-in-plain-sight-cryptojackers-hijack-powershell-and-windows-processes-to-evade-detection/
-
FileFix Campaign Using Steganography and Multistage Payloads
FileFix campaign hides PowerShell script and encrypted EXEs in JPGs via multilingual phishing First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/filefix-steganography-multistage/
-
PKI – Die versteckten Kosten von nachlässigem Schlüsselmanagement
In vielen Unternehmen wird PKI-Management immer noch mit Bordmitteln betrieben. Statt professioneller Tools kommen Excel-Tabellen, Google Calendar, Snipe-IT, eigene PowerShell-Skripte, IT Glue oder sogar Helpdesk-Tickets zum Einsatz. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/pki-die-versteckten-kosten-von-nachlaessigem-schluesselmanagement/a42051/
-
New ransomware Yurei adopts open-source tools for double-extortion campaigns
Tags: access, attack, authentication, backup, breach, ciso, cloud, control, data, edr, extortion, flaw, intelligence, Internet, mfa, network, open-source, phishing, powershell, ransomware, resilience, risk, service, switch, threat, tool, windowsBigger risks beyond downtime: The double-extortion ransomware appears to be an early version, as it has loopholes. Ransomware often targets and deletes shadow copies to block victims from using Windows’ built-in recovery options. But Yurei did not delete the shadow copies, which, if enabled, can allow the victim to restore their files to a previous…
-
Yurei Ransomware Uses PowerShell to Deploy ChaCha20 File Encryption
A newly discovered ransomware group called Yurei has emerged with sophisticated encryption capabilities, targeting organizations through double-extortion tactics while leveraging open-source code to rapidly scale operations. First observed on September 5, 2025, this Go-based ransomware employs the ChaCha20 encryption algorithm and PowerShell commands to compromise victim systems, marking another evolution in the ransomware-as-a-service ecosystem. Flow…
-
9 unverzichtbare Open-Source-Security-Tools
Tags: attack, authentication, backdoor, blueteam, breach, ciso, cyersecurity, data-breach, encryption, incident response, intelligence, linux, mail, malware, monitoring, open-source, powershell, privacy, risk, software, sql, threat, tool, vulnerability, windowsDiese Open-Source-Tools adressieren spezifische Security-Probleme mit minimalem Footprint.Cybersicherheitsexperten verlassen sich in diversen Bereichen auf Open-Source-Lösungen nicht zuletzt weil diese im Regelfall von einer lebendigen und nutzwertigen Community gestützt werden. Aber auch weil es inzwischen Hunderte qualitativ hochwertiger, quelloffener Optionen gibt, um Breaches und Datenlecks auf allen Ebenen des Unternehmens-Stacks zu verhindern.Falls Sie nun gedanklich bereits…
-
Stealthy AsyncRAT flees the disk for a fileless infection
Tags: access, best-practice, control, credentials, infection, malicious, malware, monitoring, phishing, powershell, rat, theft, threat, update, windowsRAT with evasion and persistence: Once AsyncRAT was loaded, the attackers took steps to disrupt Windows defenses. The report notes techniques such as disabling Anti-malware Scan Interface (AMSI) and tampering with Event Tracking for Windows (ETW), both critical features for runtime detection. To maintain persistence, they created a scheduled task disguised as “Skype Update,” ensuring…
-
Smart GPUGate malware exploits GitHub and Google Ads for evasive targeting
GPU-Gated decryption evades detection: The malware itself is delivered as a large Microsoft Software Installer (MSI) file, approximately 128 MB in size. It features a GPU-gated decryption mechanism that keeps the payload encrypted unless it detects the presence of a real GPU on the system. Researchers noted that this design allows GPUGate to remain dormant…
-
Smart GPUGate malware exploits GitHub and Google Ads for evasive targeting
GPU-Gated decryption evades detection: The malware itself is delivered as a large Microsoft Software Installer (MSI) file, approximately 128 MB in size. It features a GPU-gated decryption mechanism that keeps the payload encrypted unless it detects the presence of a real GPU on the system. Researchers noted that this design allows GPUGate to remain dormant…
-
Shell to pay: Crims invade your PC with CastleRAT malware, now in C and Python
Pro tip, don’t install PowerShell commands without approval First seen on theregister.com Jump to article: www.theregister.com/2025/09/05/clickfix_castlerat_malware/
-
TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations
The threat actor behind the malware-as-a-service (MaaS) framework and loader called CastleLoader has also developed a remote access trojan known as CastleRAT.”Available in both Python and C variants, CastleRAT’s core functionality consists of collecting system information, downloading and executing additional payloads, and executing commands via CMD and PowerShell,” Recorded Future Insikt Group First seen on…
-
Cryptohack Roundup: El Salvador Splits Bitcoin Reserve
Also: PowerShell-Based Cryptojacking Attack, a Malvertising Campaign. This week, El Salvador split its bitcoin reserve, an Indian court jailed cops for crypto kidnapping, a PowerShell-based cryptojacking attack, a malvertising campaign targeted Android users, a Venus Protocol hack, malware hid in npm packages using smart contracts for evasion and Bunni DEX exploit. First seen on govinfosecurity.com…
-
NoisyBear Exploits ZIP Files for PowerShell Loaders and Data Exfiltration
The threat actor known as NoisyBear has launched a sophisticated cyber-espionage effort called Operation BarrelFire, using specially designed phishing lures that imitate internal correspondence to target Kazakhstan’s energy sector, particularly workers of the state oil and gas major KazMunaiGas. Security researchers at Seqrite Labs first observed the campaign in April 2025 and noted its rapid…
-
New ClickFix Attack Deploys Fake BBC News Page and Fake Cloudflare Verification to Deceive Users
Cybersecurity researchers have uncovered a novel ClickFix attack variant that impersonates trusted BBC news content while leveraging counterfeit Cloudflare Turnstile verification interfaces to coerce users into executing malicious PowerShell commands. This campaign, detailed in recent analyses from sources like Cybersecurity News and ESET, exploits user familiarity with legitimate web security protocols to deliver a range…
-
USB Malware Campaign Spreads Cryptominer Worldwide
A multi-stage attack delivered via USB devices has been observed installing cryptomining malware using DLL hijacking and PowerShell First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/usb-malware-spreads-cryptominer/
-
Hackers Exploit ClickFix Technique to Compromise Windows and Run PowerShell Commands
Threat actors have begun a geographically focused campaign against Israeli infrastructure and corporate entities in a sophisticated cyber incursion discovered by Fortinet’s FortiGuard Labs. Delivered exclusively through Windows systems via PowerShell scripts, the attack chain enables remote access, facilitating data exfiltration, persistent surveillance, and lateral movement within compromised networks. Classified as high severity, this operation…
-
UAC-0099 Tactics, Techniques, Procedures and Attack Methods Revealed
Tags: attack, cyber, defense, email, espionage, government, malicious, military, phishing, powershell, spear-phishing, tactics, threat, ukraineUAC-0099, a persistent threat actor active since at least 2022, has conducted sophisticated cyber-espionage operations against Ukrainian government, military, and defense entities, evolving its toolkit across three major campaigns documented in CERT-UA alerts from June 2023, December 2024, and August 2025. Initially relying on the PowerShell-based LONEPAGE loader delivered via spear-phishing emails with malicious attachments…
-
Silent Watcher Targets Windows Systems, Steals Data via Discord Webhooks
K7 Labs investigated the Cmimai Stealer, a Visual Basic Script (VBS)-based infostealer that surfaced in June 2025 and uses PowerShell and native Windows scripting to secretly exfiltrate data. This is a recent development in the cybersecurity environment. This malware, first highlighted in a tweet, operates as a lightweight threat actor tool that circumvents execution policies,…
-
How Machine Learning Detects Living off the Land (LotL) Attacks
Elite cybercriminals prefer LotL attacks because they’re incredibly hard to spot. Instead of deploying obvious malware, attackers use the same trusted tools that an IT team relies on daily, such as PowerShell, Windows Management Instrumentation (WMI) and various integrated utilities on almost every computer. When attackers use legitimate system tools, traditional security software thinks everything…
-
The role of the cybersecurity PM in incident-driven development
From PowerShell abuse to USB data theft, modern threats hit fast”, and hard.vSee how security-minded PMs are responding with real-time controls, smarter policies, and tools like ThreatLocker Patch Management. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-role-of-the-cybersecurity-pm-in-incident-driven-development/
-
Malicious LNK File Posing as Credit Card Security Email Steals User Data
Tags: authentication, credit-card, cyber, data, email, exploit, finance, malicious, powershell, threatThreat actors have deployed a malicious LNK file masquerading as a credit card company’s security email authentication pop-up to pilfer sensitive user information. The file, named >>card_detail_20250610.html.lnk,
-
Video-Tipp #71: Harden Windows Security – Windows 11 härten mit PowerShell-Modul ‘Harden Windows Security”
First seen on security-insider.de Jump to article: www.security-insider.de/harden-windows-security-tool-tipps-a-a07c534dead5f34edae6082e2dfa3270/