PowerShell stories

Microsoft says Storm-1175 is exploiting newly disclosed flaws within hours, hitting organisations in the UK and elsewhere with fast-moving Medusa ransomware.

Zscaler says Xloader malware has added layered encryption, decoy servers and new obfuscation tricks to hinder analysts.

ReliaQuest flags DeepLoad malware stealing live credentials in enterprise networks, with AI-style obfuscation, USB spread and hidden WMI persistence.

Bitdefender offers free 45-day internal security check to spot over-entitled staff access as attackers increasingly abuse trusted tools.

N-able rolls out AI-led SOC detections to flag PowerShell abuse, suspicious DNS traffic and unusual Windows processes across multiple layers.

Ransomware group LeakNet adopts ClickFix lures and a Deno-based fileless loader to scale attacks and evade traditional endpoint defences.

Cloud identity compromise now drives over 80% of cyber incidents, as attackers increasingly abuse trusted accounts and workplace tools.

OpenAI brings its Codex desktop app to Windows, targeting the nearly half of professional developers who use the platform daily.

WatchGuard reports a 1,548% surge in new evasive malware and a 2,000% jump in encrypted threats, straining signature-based defences.

Governance gaps and tool sprawl are stalling Microsoft automation at scale, with most large IT teams lacking control, visibility and integration.

Ransomware gangs shrank in number but hit more victims in late 2025, with leak-site postings soaring despite fewer active groups.

Storm-0249 hijacks trusted security and Windows tools to stealthily broker high-value network access for ransomware operators.

SIOS launches LifeKeeper v10, adding a unified browser console to simplify high availability and disaster recovery across Linux and Windows.

Chinese state-backed hackers mimic Microsoft Teams downloads in a false flag campaign to infect Chinese speakers and blame Russian actors.

Microsoft fixes a Windows zero-day used in attacks and Office flaws that can execute code when emails are merely received or previewed.

Attackers exploit unpatched ScreenConnect and Microsoft 365 credentials for unauthorised network access, raising breach risks for organisations worldwide.

Parallels has launched RAS 21.0, enhancing hybrid cloud management, security, and user experience for distributed workforces with multi-cloud support.

Cybersecurity experts warn of rising email threats as phishing kits Tycoon 2FA and Cephas evolve, using steganography and code obfuscation to evade detection.

Curly COMrades exploit Microsoft Hyper-V to run hidden malware inside lightweight VMs, evading detection and maintaining stealthy control over targets.

Cybercriminals use ultra-realistic fake Adobe Reader invoices and images with embedded malware to bypass defences, targeting German-speaking regions.