Cybersecurity researchers have disclosed a multi-stage malware campaign that uses batch scripts as its delivery vector to drop encrypted remote access trojan payloads such as XWorm, AsyncRAT and Xeno RAT. The attack chain, named VOID#GEIST, uses an obfuscated batch script to deploy a second-stage script, plants a legitimate Python runtime, and decrypts encrypted shellcode. Modern malware is increasingly shifting toward sophisticated script-based delivery frameworks that mimic legitimate user activity to evade detection.
Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor.
OpenAI has rolled out the Codex desktop app for Windows. The tool debuted on macOS last month and will now enable developers ...
Using an AI coding assistant to migrate an application from one programming language to another wasn’t as easy as it looked. Here are three takeaways.
There are moments in the evolution of a nation when a single incident, seemingly isolated, exposes a deeper and more troubling ...
Discover the 7 best cloud orchestration tools for enterprises in 2026, including AWS CloudFormation, Ansible, Spacelift, CloudBolt, and more. Compare features, pricing, multi-cloud support, and use ...
A sophisticated Python-based malware deployment uncovered during a fraud investigation has revealed a layered attack involving obfuscation, disposable infrastructure and commercial offensive tools.
The user had asked for a simple PowerShell script to remove Python pycache folders. Instead, the script ended up deleting the contents of the user’s F: drive, including project files and Docker data.
Once PowerShell passed the wrong characters to a CMD command, this cross-interpreter translation of instructions lacked the necessary safety barrier. The system failed to recognise this as an obvious logic error and instead mechanically executed a forced deletion aimed at the root directory, with disastrous results.