Dark Reading

Attackers Use Windows Screensavers to Drop Malware, RMM Tools

By tapping the unusual .scr file type, attackers leverage "executables that don't always receive executable-level controls," ...
Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.

EDR killer tool uses signed kernel driver from forensic software

Hackers are abusing a legitimate but long-revoked EnCase kernel driver in an EDR killer that can detect 59 security tools in ...
Microsoft

Analysis of active exploitation of SolarWinds Web Help Desk

We are seeing exploitation of SolarWinds Web Help Desk via CVE‑2025‑40551 and CVE‑2025‑40536 that can lead to domain compromise; here is how to patch, hunt, and mitigate now.