Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...

John Hammond is a Security Researcher at Huntress as well as a cybersecurity instructor, developer, red teamer, and CTF enthusiast. John is a former Department of Defense Cyber Training Academy ...

A legacy Windows scripting utility tied to Internet Explorer is still being used in modern malware campaigns, researchers say ...

Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft ...

I started this as a side project, but my Windows Command Center suddenly became useful.

Azure Linux 4.0 expands Microsoft’s Linux strategy for secure AI and server workloads. Azure Container Linux offers hardened, lightweight infrastructure for Azure containers and regulated enterprises.

Fox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other ...

Former Microsoft PM says the company's AI push failed, citing Copilot's dismal 3.3% adoption rate and calling for a massive ...

A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are ...

Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an ...