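Cybersecurity researchers have disclosed a multi-stage malware campaign that uses batch scripts as the delivery path to drop encrypted remote access trojan payloads such as XWorm, AsyncRAT, and Xeno RAT. The attack chain, named VOID#GEIST, deploys a second-stage script through an obfuscated batch script, plants a legitimate Python runtime, and decrypts encrypted shellcode. Modern malware is increasingly shifting to complex script-based delivery frameworks that mimic legitimate user activity to evade detection.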
Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor.
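Recently, Neowin reported on a highly representative new phishing campaign that shows how attackers use legitimate software as a vehicle to hijack users' computers. In this case, the attackers did not directly distribute executables containing malicious code; instead, they lured users into downloading and running fully legitimate software tools with valid digital signatures (such as AnyDesk, Tea ...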
OpenAI brings its AI coding assistant Codex to Windows, allowing developers to run multiple AI agents and streamline complex programming workflows.
VOID#GEIST malware campaign delivers XWorm, AsyncRAT, and Xeno RAT using batch scripts, Python loaders, and explorer.exe ...
OpenAI has rolled out the Codex desktop app for Windows. The tool debuted on macOS last month and will now enable developers on Windows to access its agentic coding capabilities.
OpenAI has now released the Codex software for Windows devices, after the release of a dedicated Codex program for macOS ...
OpenAI said Codex also supports Windows developer environments. The Codex app lets users run multiple coding agents in parallel. Skills will also be available to Windows users ...
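Microsoft is warning organizations about an ongoing OAuth abuse scam campaign in which attackers use phishing emails and URL redirection to infect victims' devices and take control of them. The phishing campaign primarily targets government and public-sector organizations. The attackers abuse OAuth redirection functionality to craft phishing emails containing malicious URLs; when a user clicks one, they are redirected to an attacker-controlled malicious page and malware is downloaded. The payloads include ZIP archives, LNK shortcut files, and similar files, and ultimately execute malicious code in memory and establish a connection to an external C2 server.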
Using an AI coding assistant to migrate an application from one programming language to another wasn’t as easy as it looked. Here are three takeaways.
The phishing expedition targets government and public-sector organizations, according to a Monday report from Redmond's ...