New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns.

Chinese hackers exploiting Dell zero-day flaw since mid-2024

A suspected Chinese state-backed hacking group has been quietly exploiting a critical Dell security flaw in zero-day attacks ...
SecurityWeek

BeyondTrust Vulnerability Targeted by Hackers Within 24 Hours of PoC Release

Threat actors began targeting a recently patched BeyondTrust vulnerability shortly after a proof-of-concept (PoC) exploit was released.

Microsoft announces powerful tool for security teams using Defender

Microsoft just gave Defender a powerful new upgrade that could transform how security teams hunt and respond to threats.
CSO Online

Phishing campaign chains old Office flaw with fileless XWorm RAT to evade detection

The campaign exploits an Office vulnerability to deliver the modular XWorm RAT, chaining HTA, PowerShell, and in-memory .NET execution to sidestep detection and expand post-compromise control.
Nature

CT scans offer fresh insight

When a new type of high-resolution computed tomography (CT) device was unveiled in Japan in 2017, it revolutionized the field, offering more than twice the resolution of conventional CT devices. This ...