New TELEPUZ malware spreads through ClickFix, then steals browser cookies, logs keystrokes, runs commands, and installs ...
This app turned firewall rules from secret paperwork into buttons I could actually use.
A multi-stage phishing campaign is impersonating India’s Income Tax Department to deploy both Gh0st RAT and AsyncRAT, giving ...
Race condition in Windows Push Notifications service (WpnService) that runs as NT AUTHORITY\SYSTEM. An attacker with local access can trigger a use-after-free during platform shutdown and potentially ...
Dubbed GopherWhisper, the group relies on multiple Go-based backdoors alongside custom loaders and injectors. A newly uncovered APT is relying on legitimate services for command-and-control (C&C) ...
In most scenarios, the CPU is consumed by the *WmiPrvse.exe* process, and there are a few instances where *svchost.exe* hosting the WMI service (Winmgmt) is consuming high CPU usage. ### Review the ...
I'd like to thank my coauthors, Victor Vrabie, Adrian Schipor, and Martin Zugec, for their invaluable contributions to this research. TL;DR A Chinese APT group compromised a Philippine military ...
Windows has a bug where users won’t be able to upgrade to Windows 11 24H2 when they’re using WSUS (Windows Server Update Services) to deploy updates. If you try to upgrade, Windows Update service host ...
Many Windows users experience a bizarre and highly menacing problem where a specific process named svchost.exe (netsvcs) starts requisitioning and using more and more RAM after the affected computer ...
A newly discovered Golang backdoor is abusing Telegram for communication with its command-and-control (C&C) server. A recently discovered backdoor written in the Go programming language is abusing ...