IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign ...

Cisco Talos tracks UAT-10027 targeting U.S. education and healthcare with Dohdoor DoH-based backdoor and Cobalt Strike ...

PowerShell modules allow you to combine multiple scripts to simplify code management. Learn step-by-step instructions for creating and using these modules.

These four simple PowerShell scripts fix common Windows headaches and save time with quick, copy-and-paste commands.

Attackers are running paid Facebook ads that look like official Microsoft promotions, then directing users to near-perfect ...

ClickFix campaigns have adapted to the latest defenses with a new technique to trick users into infecting their own machines with malware.

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more.

The campaign exploits an Office vulnerability to deliver the modular XWorm RAT, chaining HTA, PowerShell, and in-memory .NET execution to sidestep detection and expand post-compromise control.

When Microsoft patched a vulnerability last summer that allowed threat actors to use Windows’ shortcut (.lnk) files in exploits, defenders might have hoped use of this tactic would decline. They were ...

This repository contains PowerShell scripts organized by Azure service categories. Scripts include proper error handling, parameter validation, and follow PowerShell ...

For many Windows users, PowerShell is just a strange black window you open once in a while to paste a command from a forum. In reality, PowerShell is one of the most powerful tools built into Windows.

Microsoft says Windows PowerShell now warns when running scripts that use the Invoke-WebRequest cmdlet to download web content, aiming to prevent potentially risky code from executing. As Microsoft ...