New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns.

February’s Patch Tuesday release fixes 59 flaws, including 6 being exploited

IT admins will be busy this month patching Microsoft software and apps, but not nearly as busy as they were in January.

Windows’ original Secure Boot certificates expire in June—here’s what you need to do

Secure Boot has relied on the same security certificates to verify bootloaders since 2011, during the development cycle for Windows 8. But those original certificates are set to expire in June and ...

LummaStealer infections surge after CastleLoader malware campaigns

A surge in LummaStealer infections has been observed, driven by social engineering campaigns leveraging the ClickFix technique to deliver the CastleLoader malware.