Fake CAPTCHA Scam Tricks Windows Users Into Installing Malware

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more.

Fake ad blocker breaks PCs in new malware extension scam

Chrome and Edge users warned about NexShield browser extension scam that causes crashes and tricks users into installing malware through fake security fix commands.

New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns.
CSO Online

Phishing campaign chains old Office flaw with fileless XWorm RAT to evade detection

The campaign exploits an Office vulnerability to deliver the modular XWorm RAT, chaining HTA, PowerShell, and in-memory .NET execution to sidestep detection and expand post-compromise control.
Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.
Redmond Magazine

Planning for PowerShell Script Usage in a Multiplatform Environment

PowerShell cross-platform limitations break Windows-only cmdlets, .NET dependencies, and Windows Forms GUIs on Linux. Dual booting and WinBoat enable Windows PowerShell compatibility but introduce ...
Business.com on MSN

How to manage file system ACLs with PowerShell

Before you can change an ACL, you must get the current one. There are two ways to do this with PowerShell. Learn how to get the current ACL and modify it.
GitHub

Moefire/Script-Whitelist-Guard

ScriptWhitelistGuard is a PowerShell module that intercepts external .ps1 script execution at the PSReadLine level, validates scripts against a SHA256-based whitelist, and transparently rewrites ...
Palestine Herald-Press

First execution of 2026 set for Wednesday in Huntsville

Texas inmate Charles Victor Thompson is scheduled to be executed Wednesday, Jan 28, the first Texas execution in 2026. Thompson, 55, was convicted of the double murders of his former girlfriend, ...
Business.com on MSN

How to remotely invoke applications with PowerShell

Not all applications are created with remote execution in mind. PowerShell provides several ways to invoke applications on remote computers.
tech2geek

5 PowerShell Scripts That Transform Windows — Automate, Clean, and Take Back Control

For many Windows users, PowerShell is just a strange black window you open once in a while to paste a command from a forum. In reality, PowerShell is one of the most powerful tools built into Windows.
Bleeping Computer

Fake MAS Windows activation domain used to spread PowerShell malware

A typosquatted domain impersonating the Microsoft Activation Scripts (MAS) tool was used to distribute malicious PowerShell scripts that infect Windows systems with the 'Cosmali Loader'.