Microsoft

From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities

Microsoft exposes a cryptojacking campaign using SEO poisoning and ScreenConnect to target high-performance PCs, with ...
The Hacker News

MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries

MuddyWater targeted 9 organizations in 9 countries during Q1 2026, using DLL side-loading to steal data and evade detection.

GPU mining malware spreads via SEO poisoning, AI chatbots

Threat actors are targeting systems with high-performance computers in an ongoing cryptojacking campaign spread through a ...
SecurityWeek

Dashlane Brute-Force Attack Leads to Limited Encrypted Vault Downloads

Dashlane has been targeted in a brute-force attack campaign that resulted in a limited number of encrypted vaults being ...

CISA orders feds to patch actively exploited Drupal vulnerability

CISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection ...
SecurityWeek

Iranian APT Targets Aviation, Software Companies With Updated Tools

Iranian APT Nimbus Manticore has updated tactics and tools in recent campaigns targeting aviation and software companies.
GitHub

powershell_4104_hunting.yml

description: The following analytic identifies suspicious PowerShell execution using Script Block Logging (EventCode 4104). It leverages specific patterns and keywords within the ScriptBlockText field ...
GitHub

registry_keys_used_for_persistence.yml

description: The following analytic identifies modifications to registry keys commonly used for persistence mechanisms. It leverages data from endpoint detection sources like Sysmon or Carbon Black, ...
The Hacker News

encryption | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm Packages with credential-stealing malware. According to reports from Aikido Security ...