New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns.

Fake CAPTCHA Scam Tricks Windows Users Into Installing Malware

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more.

Windows 11 adds a new secure mode that blocks sketchy apps and drivers

Windows 11 is adding Baseline Security Mode to block unsigned apps, services, and drivers by default, plus new consent prompts for sensitive access and bundled installs, with exceptions when needed ...

Microsoft’s February Patch Tuesday Fixes 6 Zero-Days Under Attack

Microsoft patches 58 vulnerabilities, including six actively exploited zero-days across Windows, Office, and RDP, as CISA sets a March 3 deadline.