Security Boulevard

APT37 Adds New Capabilities for Air-Gapped Networks

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign ...

Fake CAPTCHA Scam Tricks Windows Users Into Installing Malware

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more.
Security Boulevard

Emulating the Mutative BlackByte Ransomware

AttackIQ has released a new attack graph that emulates the behaviors exhibited by BlackByte ransomware, a strain operated ...

CAPTCHA or trap? Windows users tricked into installing malware on their PCs

StealC malware campaign exploits fake CAPTCHA pages to steal sensitive data while blending into normal system activity.

Fake ad blocker breaks PCs in new malware extension scam

Chrome and Edge users warned about NexShield browser extension scam that causes crashes and tricks users into installing ...

Over 1500% Increase in New, Unique Malware Highlights Growing Security Complexity ...

In 2025, new malware increased every quarter, culminating in a 1,548% spike from Q3 to Q4 alone. At the same time, 23% of detected malware evaded traditional signature-based detection, effectively ...
CSO Online

Phishing campaign chains old Office flaw with fileless XWorm RAT to evade detection

The campaign exploits an Office vulnerability to deliver the modular XWorm RAT, chaining HTA, PowerShell, and in-memory .NET execution to sidestep detection and expand post-compromise control.

Amazon: AI-assisted hacker breached 600 FortiGate firewalls in 5 weeks

Amazon is warning that a Russian-speaking hacker used multiple generative AI services as part of a campaign that breached more than 600 FortiGate firewalls across 55 countries in five weeks.
PC World

Yes, you should use an encrypted email service. Here’s why

PCWorld explains why encrypted email services like Proton, Tuta, and Skiff are essential for protecting digital communications from cyber threats and data breaches. These services use zero-access ...

Windows shortcut files targeted by ransomware gang Global Group

When Microsoft patched a vulnerability last summer that allowed threat actors to use Windows’ shortcut (.lnk) files in exploits, defenders might have hoped use of this tactic would decline. They were ...
ZDNet

7 apps I use to lock down, encrypt, and store my private files - and most are free

File and folder security is crucial in this day and age. There are apps you can use to heighten the security of your files. These apps are free and available for desktop and mobile devices. The need ...
Bleeping Computer

Microsoft fixes Outlook bug blocking access to encrypted emails

Microsoft has fixed a known issue that prevented Microsoft 365 customers from opening encrypted emails in classic Outlook after a December update. This bug affects users who try to open messages ...