Cybercriminals are using counterfeit AI learning material and developer guides to lure professionals into opening files that trigger a multi-stage malware chain ending in AsyncRAT, a remote access ...

description: The following analytic identifies suspicious PowerShell execution using Script Block Logging (EventCode 4104). It leverages specific patterns and keywords within the ScriptBlockText field ...

description: The following analytic detects the execution of PowerShell scripts containing Base64 encoded content, specifically identifying the use of `FromBase64String`. It leverages PowerShell ...

There's a version of your Windows setup where files sort themselves, backups happen quietly in the background, and everything you copy is automatically saved for later. And the best part is that you ...

Cybersecurity roundup: supply chain threats, AI agent risks, browser-cloning malware, mule networks, endpoint bypasses, and ...

Compliance chaos: NY regulators see a data breach — then focus on IT errors When a data breach happens, CISOs aren’t the only ones who should be sweating. New York state officials, for example, ...

Cybersecurity researchers have flagged a new malspam campaign that makes use of Google's DoubleClick domain as a way to evade detection and ultimately deliver a remote access trojan (RAT) named ...

I'd like to thank my co-author, Martin Zugec, for his valuable contributions to this report. This intrusion adds three dimensions to the public understanding of Chinese APT activity in contested ...

Anthropic engineer Boris Cherny says his coding setup now involves "a few thousand" AI agents working for him overnight. Cherny, the creator of Claude Code, described his AI workflow during an ...

The CyberWire is an independent voice delivering concise, accessible, and relevant cybersecurity news briefings and cybersecurity podcasts to people all across the globe.