New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns.
Infosecurity-magazine.com

Walmart Discovers New PowerShell Backdoor Linked to Zloader Malware

An unknown PowerShell backdoor has been discovered alongside a new variant of the Zloader/SilentNight malware, Walmart’s Cyber Intelligence Team has reported. The PowerShell backdoor has been ...
techtimes

Researchers Track AI-Written PowerShell Script That Deploys Infostealer Malware

In a recent cybersecurity finding by Proofpoint researchers, a threat actor utilized a PowerShell script, likely generated with the assistance of artificial intelligence (AI) systems such as OpenAI's ...
CSOonline

Rising ClickFix malware distribution trick puts PowerShell IT policies on notice

IT teams should revisit PowerShell restrictions as an increasingly used click-and-fix technique has users self-serving fake system issues by invoking malicious PowerShell scripts themselves, reducing ...
GIGAZINE

Fake Windows activation domains used to spread PowerShell malware

typosquatting using names that are very similar to the domains used for activation in Microsoft Activation Scripts (MAS), an open-source tool that can activate licenses for Windows and Microsoft ...
ZDNet

Proof-of-concept malware targets Windows PowerShell

Virus writers in Austria have reportedly developed malicious code that targets Windows PowerShell, the command line interface (CLI) shell and scripting language product being developed by Microsoft.
Computer Weekly

Fileless attacks surge as hackers exploit PowerShell scripts

The latest quarterly threat report from McAfee noted a fourfold increase in fileless hacking attacks utilising Microsoft PowerShell scripts. PowerShell is used mainly to automate administration tasks, ...