Termite ransomware breaches linked to ClickFix CastleRAT attacks

Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor.

Chinese state hackers target telcos with new malware toolkit

A China-linked advanced persistent threat actor tracked as UAT-9244 has been targeting telecommunication service providers in South America since 2024, compromising Windows, Linux, and network-edge ...
SecurityWeek

ClickFix Attack Uses Windows Terminal to Evade Detection

A new ClickFix attack variant uses fake CAPTCHA pages instructing victims to paste and execute malicious commands in Windows Terminal.
Microsoft

Signed malware impersonating workplace apps deploys RMM backdoors

Signed malware backed by a stolen EV certificate deployed legitimate RMM tools to gain persistent access inside enterprise ...
SecurityWeek

How Pirated Software Turns Helpful Employees Into Malware Delivery Agents

Preventing of the consequence of cracked or pirated software focuses on user awareness training to recognize the threat.
Redmondmag.com

Signed Malware Impersonating Workplace Apps Used To Deploy RMM Backdoors

Microsoft's Defender Security Research Team has identified a series of phishing campaigns in which an unknown attacker used digitally signed malware masked as common workplace applications to deploy ...