Fake CAPTCHA Scam Tricks Windows Users Into Installing Malware

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more.

New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns.
XDA Developers on MSN

Windows Sandbox is the best feature you're not using

Enable Windows Sandbox and test questionable software risk-free in a disposable virtual machine.

Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into ...
The Register on MSN

Contain your Windows apps inside Linux Windows

Can't live without Adobe? Get on board WinBoat – or WinApps sails a similar course Hands-on Run real Windows in an ...

Four new reasons why Windows LNK files cannot be trusted

By putting conflicting metadata in LNK files, a researcher found four new ways to spoof targets, hide arguments, and run unintended programs in Windows Explorer.
Make Tech Easier

No More Debloat Scripts: Why I Switched to Wintoys to Debloat My PC

One-click debloat scripts can, and always will, break your Windows PC — Wintoys is the safest tool to tweak and optimize Windows.

Windows shortcut files targeted by ransomware gang Global Group

When Microsoft patched a vulnerability last summer that allowed threat actors to use Windows’ shortcut (.lnk) files in ...