Microsoft has released a temporary mitigation for YellowKey, a Windows zero-day that can reportedly bypass BitLocker ...

Microsoft has announced mitigations for CVE-2026-45585, a BitLocker bypass triggered via FsTx in Windows Recovery.

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

A legacy Windows scripting utility tied to Internet Explorer is still being used in modern malware campaigns, researchers say ...

Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...

I started this as a side project, but my Windows Command Center suddenly became useful.

Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for years and continues to evolve in support of espionage-focused ...

Between May 6 and 7, it was dangerous to install JDownloader from alternative links on the site.

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.

Security researchers at Malwarebytes have found a fake Windows 11 24H2 update campaign that steals sensitive data from Windows PC users. The attackers host a very convincing Microsoft‑style support ...

If a website tells you to manually install a “Windows update” from a big blue download button, close that tab immediately. Malwarebytes has just spotted a fake Microsoft support website ...

TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data.