Vue normale

Il y a de nouveaux articles disponibles, cliquez pour rafraîchir la page.
Aujourd’hui — 14 juillet 20264sysops

AI-generated PowerShell script used for aggressive Active Directory enumeration

Par : IT News
13 juillet 2026 à 17:23
AI-generated PowerShell script used for aggressive Active Directory enumeration
A threat actor recently utilized an AI-generated PowerShell script to conduct reconnaissance within a compromised Active Directory environment. The intrusion began after the attacker gained access to a domain-joined Windows Server via Remote Desktop Protocol using previously stolen credentials. Once inside, the intruder staged tools in the ProgramData directory and executed a script designed to map users, groups, and domain controllers.

Source

À partir d’avant-hier4sysops

GigaWiper backdoor merges multiple malware families for disk destruction

Par : IT News
9 juillet 2026 à 19:42
GigaWiper backdoor merges multiple malware families for disk destruction
Microsoft Threat Intelligence has identified GigaWiper, a sophisticated Golang-based backdoor that integrates components from three distinct malware families. This modular implant combines command-and-control capabilities with destructive payloads, including physical disk wiping and fake ransomware routines. By consolidating tools like Crucio and FlockWiper, threat actors can switch between stealthy espionage and immediate system sabotage within a single deployment.

Source

GodDamn ransomware uses Microsoft-signed PoisonX driver to kill security tools

Par : IT News
9 juillet 2026 à 15:33
GodDamn ransomware uses Microsoft-signed PoisonX driver to kill security tools
The GodDamn ransomware, a rebrand of the Beast and Monster strains, has emerged using a sophisticated defense evasion technique to neutralize endpoint protection. The threat group, known as Hyadina, gains initial access through remote desktop tools like AnyDesk and deploys a credential-harvesting toolkit based on NirSoft utilities. This toolkit targets a wide range of sensitive data, including browser history, Windows Credential Manager entries, Wi-Fi profiles, and live network traffic.

Source

Microsoft patches RoguePlanet zero-day vulnerability in Defender engine

Par : IT News
9 juillet 2026 à 11:51
Microsoft patches RoguePlanet zero-day vulnerability in Defender engine
Microsoft has released a critical update for the Microsoft Malware Protection Engine to address a zero-day vulnerability known as RoguePlanet. Tracked as CVE-2026-50656, the flaw resides in the core scanning engine that powers Microsoft Defender across Windows 10, Windows 11, and Windows Server. The fix is delivered through engine version 1.1.26060.3008, which corrects flawed file-handling logic during malware remediation processes.

Source

MaxPowerSoft AD Reports: Active Directory & Entra ID Reporting

Par : Sponsor
7 juillet 2026 à 17:33
Active Directory & Azure Reporting Tool
AD Reports is a Windows-based tool for generating detailed reports on on-premises Active Directory and Azure Entra ID environments, including users, groups, computers, and permissions. It provides over 300 predefined reports plus a visual LDAP and OData query builder so administrators can create custom reports without writing query syntax.

Source

❌
❌