New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns.
Windows Report

Exchange Online PowerShell Drops -Credential Support as MFA Push Continues

Microsoft will remove the -Credential parameter from Exchange Online PowerShell by June 2026, forcing admins to adopt MFA.
CSO Online

Hackers can turn Grok, Copilot into covert command-and-control channels, researchers warn

Permissive AI access and limited monitoring could allow malware to hide within trusted enterprise traffic, thereby ...

February’s Patch Tuesday release fixes 59 flaws, including 6 being exploited

IT admins will be busy this month patching Microsoft software and apps, but not nearly as busy as they were in January.