FreeIntelHub

Microsoft

20 articles

Microsoft Security Blog General Microsoft Linux Apr 2

Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments

Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting environments. This post examine...

T1190 T1027

Microsoft Security Blog →

HackRead Malware Microsoft SAP Apr 2

Microsoft Warns of WhatsApp Attachments Spreading Backdoor on Windows PCs

Microsoft warns of WhatsApp attachments spreading VBS malware that installs backdoors on Windows PCs, giving hackers remote access and control of systems.

HackRead →

GBHackers Ransomware Microsoft Apr 2

Akira-Style Ransomware Campaign Hits Windows Users Across South America

A newly identified ransomware campaign is targeting Windows users across South America, leveraging tactics that closely mimic the notorious Akira ransomware ...

GBHackers →

CSO Online Campaigns Microsoft Apr 2

EvilTokens abuses Microsoft device code flow for account takeovers

A new phishing-as-a-service (PhaaS) campaign is abusing Microsoft’s device code authentication flow to gain unauthorized access to user accounts. Sekoia rese...

T1566 T1204

CSO Online →

BleepingComputer General Microsoft Apr 2

Microsoft links Classic Outlook issue to email delivery problems

Microsoft is investigating a known issue that prevents some Classic Outlook users from sending emails via Outlook.com.

1 IOC

BleepingComputer →

GBHackers Data Breach Microsoft Apple SAP Apr 2

Axios npm Supply Chain Breach: Microsoft Shares Mitigation Steps

Microsoft has detailed how organizations can detect and mitigate a recent supply chain compromise involving malicious Axios npm releases and infrastructure a...

T1195

GBHackers →

GBHackers Campaigns Microsoft SAP Apr 2

WhatsApp Attack Chain Delivers VBS, Cloud Payloads, MSI Backdoor

A new malware campaign that abuses WhatsApp messages to deliver malicious Visual Basic Script (VBS) files to Windows users, enabling persistent remote access...

GBHackers →

GBHackers Phishing Microsoft Apr 2

Remcos RAT Attack Uses Obfuscated Scripts, Trusted Windows Tools

Remcos RAT operators are abusing obfuscated scripts and trusted Windows binaries to deliver a stealthy, largely fileless infection chain that runs almost ent...

T1566

GBHackers →

GBHackers CVE Microsoft Broadcom Apr 2

Symantec DLP Agent Flaw Exposed Systems to Privilege Escalation Attacks

A high-severity vulnerability in the Symantec Data Loss Prevention (DLP) Agent for Windows could allow low-privileged attackers to take complete control of a...

T1548 T1068 1 IOC

GBHackers →

Zero Day Initiative CVE Microsoft Apr 2

ZDI-26-253: Microsoft Visual Studio Code mcp.json Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio Code. User interaction is required ...

T1190 T1059 1 IOC

Zero Day Initiative →

Help Net Security General Microsoft Apr 2

Microsoft adds high-volume email sending to Exchange Online

Organizations that rely on Exchange Online for internal communications have long needed a way to send large volumes of automated messages, such as payroll no...

Help Net Security →

Microsoft Security Blog TTPs Microsoft Apple Oracle Intel SAP Apr 1

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages for version updates (1.14.

T1071 T1195

Microsoft Security Blog →

SC Media Campaigns Microsoft Amazon SAP Apr 1

Campaign combines WhatsApp with legit cloud platforms to deliver malicious VBS files

Attackers continue to evade defenders by using legitimate platforms like AWS and Microsoft utilities.

SC Media →

BleepingComputer Phishing Microsoft Apr 1

New EvilTokens service fuels Microsoft device code phishing attacks

A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft accounts and provide advanced feat...

T1566 T1598

BleepingComputer →

SC Media Campaigns Microsoft Apr 1

Widespread Microsoft 365 account compromise sought by Iran-linked hackers

More than 300 organizations in Israel, over 25 others in the United Arab Emirates, ...

T1110

SC Media →

Help Net Security General Microsoft Google Apr 1

Exabeam expands ABA to detect AI agent threats across ChatGPT, Copilot, and Gemini

Exabeam has announced the expansion of Exabeam Agent Behavior Analytics (ABA). Without direct visibility into how employees use AI assistants, what they quer...

Help Net Security →

Help Net Security General Microsoft Oracle Apache Apr 1

CIS Benchmarks March 2026 Update

The following CIS Benchmarks and CIS Build Kits have been updated or recently released. The Center for Internet Security has highlighted the major updates be...

Help Net Security →

GBHackers Zero-Day Microsoft Google Linux Apr 1

Google Warns of New Chrome Zero-Day Under Active Exploitation – Users Urged to Update Immediately

Google has released an urgent security update for its Chrome desktop browser to address 21 vulnerabilities, including a critical zero-day flaw that is active...

GBHackers →

The Hacker News Campaigns Microsoft Trend Micro Apr 1

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans lik...

T1566

The Hacker News →

GBHackers General Microsoft Apr 1

Microsoft Teams to Improve Privacy With EXIF Data Removal Feature

Microsoft is rolling out a wave of privacy and security updates for Microsoft Teams, headlining with a critical new feature that automatically removes EXIF m...

GBHackers →

FreeIntelHub · Open-source CTI platform

All articles belong to their respective owners. FreeIntelHub aggregates publicly available RSS feeds for informational purposes only. DMCA