Microsoft

Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft

Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This ...
Windows Report

Hackers Abused Legit Certificates to Sneak Into Work PCs

A fake company bought a valid EV certificate, signed malware, and helped criminals keep remote access to enterprise PCs.
CSOonline

A spoof antivirus makes Windows Defender disable security scans

In a proof-of-concept, a security researcher demonstrated how the Windows Security Center API can be used to block the scans by Microsoft’s built-in antivirus tool. Windows Defender can be tricked ...
Forbes

Hackers Bypass Windows Defender Security — What You Need To Know

Update, March 31, 2025: This story, originally published March 29, has been updated with an explanation of LOLBINS as well as further technical information regarding the Windows Defender Application ...