malware

Few threats in today’s digital landscape have demonstrated such rapid, widespread, and evolving danger as the Lumma information-stealing malware currently impacting hundreds of thousands of Windows PCs. In just two months, Microsoft’s security researchers detected Lumma—also known as LummaC2—on...

The global scale and sophistication of cybercrime reached new heights with the recent crackdown on the notorious Lumma malware network, as revealed by Microsoft in partnership with law enforcement agencies worldwide. For many Windows users and enterprises, this revelation isn’t just another...

Over the past year, the threat landscape for Windows users has evolved with increasing sophistication, and few examples illustrate this shift better than the rise of Lumma Stealer—a prolific infostealer that has aggressively targeted individuals and organizations across industries. The...

A surge of deceptive AI-powered video generation tools has recently been identified as the latest vehicle for distributing a new, highly sophisticated information-stealing malware family known as Noodlophile. According to a detailed report from Morphisec and corroborated by cybersecurity news...

Enticing users with the promise of AI-powered video creation, cybercriminals have launched a new campaign distributing a previously undocumented malware family, Noodlophile, strategically camouflaged as cutting-edge video generation tools. This campaign uses the allure of widely hyped artificial...

Microsoft's Patch Tuesday on March 11, 2025, introduced crucial security updates, among them a vulnerability labeled CVE-2025-24054 impacting the NTLM authentication protocol. Though Microsoft initially rated this vulnerability as "less likely" to be exploited, reality quickly contradicted that...

Microsoft's March 2025 Patch Tuesday brought an extensive lineup of bug fixes, but among these was a vulnerability that would quickly escalate into a significant security incident: CVE-2025-24054, an NTLM hash-leaking flaw. While Microsoft initially considered this vulnerability "less likely" to...

In early April 2025, the Cybersecurity and Infrastructure Security Agency (CISA) added a critical vulnerability, identified as CVE-2025-22457, to its Known Exploited Vulnerabilities Catalog. This vulnerability affects Ivanti's Connect Secure, Policy Secure, and ZTA Gateways, posing significant...

If you thought the world’s cybercriminals were toiling away in dimly lit basements hunched over endless lines of code, it’s about time you met SessionShark—a phishing-as-a-service (PhaaS) toolkit that gleefully blurs the lines between black hat innovation and Saturday-morning infomercial...

Take a moment and imagine: you're sipping your morning coffee, confidently clicking through your inbox, oblivious to the brewing digital storm that is script-based malware—modern cyber villainy dressed not in diabolical binaries, but in the unassuming garb of JavaScript, PowerShell, or, heaven...

When Microsoft stamped its latest security vulnerability as low risk, they probably didn’t expect hackers to treat it like Black Friday at a bug bazaar. Turning "Low Risk" into Worldwide Mayhem: The Unlikely Rise of CVE-2025-24054 On March 11—just another Patch Tuesday in corporate IT...

Hello, Apps I've set to turn on on startup actually reset by themselves. I can't tell what instigates it. If I change the app's settings and restart my computer, the app doesn't reset. But, when my computer is off for the night, the setting is reset to not turn on on startup. If someone could...

They beckon seductively from restaurant tabletops, leap out at us from bus ads, and dangle from the bottom of suspicious emails like a worm on a fishing line—QR codes, those enigmatic square mazes of pixels, are now as much a fixture of daily life as the coffee-ring stains around them. Yet...

In the ever-evolving landscape of cybersecurity, the discovery of vulnerabilities within trusted software can have far-reaching consequences. A recent investigation by Trend Micro's Zero Day Initiative (ZDI) has brought to light two critical vulnerabilities—ZDI-23-1527 and ZDI-23-1528—in...

Downloaded Office Software: A Trove of Hidden Cyber Dangers A seemingly innocent download of an Office software package might be a wolf in sheep's clothing. Recent cybersecurity findings reveal a sophisticated cyber threat – malware disguising itself as a Microsoft Office add-on – that poses...

Windows Malware Menace via WhatsApp Spoofing: A Deep Dive A critical vulnerability in WhatsApp for Windows, recently patched in version 2.2450.6, exposes users—both casual and corporate—to remote malware attacks. Known as CVE-2025-30401, this flaw enables a form of file spoofing where...

Unintended Consequences: How a Severity in WhatsApp for Windows Puts Users at Risk A recently identified vulnerability in WhatsApp for Windows has sent shockwaves through the cybersecurity community. Imagine receiving a seemingly harmless JPEG attachment from a friendly neighborhood contact—only...

Microsoft Excel has long been a workhorse for business, finance, and everyday productivity. However, even the most trusted tools can harbor hidden dangers. Recently, a new vulnerability—CVE-2025-27750—has come to light, targeting Microsoft Office Excel through a classic “use-after-free” flaw. In...

A critical vulnerability has emerged that could reshape how we view the security of our trusted productivity tools. CVE-2025-29820 is a use-after-free flaw found in Microsoft Office Word—a flaw that enables an attacker, with local access or via tricking a user into opening a malicious document...

As Tax Day nears, threat actors are pulling out all the stops by deploying tax-themed phishing campaigns that combine age-old social engineering tricks with modern redirection techniques and sophisticated malware. In recent months, Microsoft’s threat intelligence team has observed several...