The Hacker News

ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers

ClickFix campaigns spread MacSync macOS infostealer via malicious Terminal commands since Nov 2025, targeting AI tool users ...
Bleeping Computer

New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns. ClickFix attacks ...
The Hacker News

Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware

Iran-linked Dust Specter targeted Iraqi officials using fake ministry lures and new malware families uncovered by Zscaler.
Security Boulevard

Cleaning Up Active Directory Before Enabling SAML-Based SSO: A Technical Playbook

Learn how to clean up Active Directory before enabling SAML-based SSO to ensure secure authentication, accurate user mapping, and smooth identity integration.
Security Boulevard

Dust Specter APT Targets Government Officials in Iraq

IntroductionIn January 2026, Zscaler ThreatLabz observed activity by a suspected Iran-nexus threat actor targeting government officials in Iraq. ThreatLabz discovered previously undocumented malware ...
Cryptopolitan on MSN

I Almost Got Hacked on a Microsoft Teams Call — Here’s How the Scam Works

Let me tell you how I came within steps of becoming a victim in an elaborate social engineering scheme designed to exploit something so routine and apparently harmless as a Microsoft Teams call ...
Channel Buzz

ESET’s Tony Anscombe on the cybersecurity trends MSPs can’t ignore in 2026

Tony Anscombe, chief security evangelist at ESET, returns to the podcast for a wide-ranging conversation about the cybersecurity landscape in early 2026. From the emergence of AI-powered malware to ...
Redmondmag.com

Best Practices for PowerShell Script Version Control, Part 1

Semantic versioning gives PowerShell script changes clear meaning so you can evolve scripts quickly without letting updates devolve into chaos.
TechRadar

Some top password managers can be hacked and hijacked to change your passwords - here's what we know

Vulnerabilities have been discovered in several password managers Researchers created theoretical attacks that could steal credentials Remediation efforts are underway, with multiple vulnerabilities ...
Ars Technica

Password managers’ promise that they can’t see your vaults isn’t always true

Over the past 15 years, password managers have grown from a niche security tool used by the technology savvy into an indispensable security tool for the masses, with an estimated 94 million US ...
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...
Digital Journal

Too many users are reusing passwords: Cybersecurity dangers revealed

One of the most persistent and underestimated cybersecurity risks is near-identical password reuse. This is the practice of adding or changing a character in an existing password, instead of creating ...