PowerShell

Tech Optimizer
June 27, 2025
The ClickFix attack vector has increased by 517% since the latter half of 2024, becoming the second most exploited method for cyberattacks, following phishing. Hackers are using ClickFix to deploy various infostealing malware, including Lumma Stealer, VidarStealer, StealC, and Danabot. The ClickFix mechanism involves a counterfeit reCAPTCHA that misleads users into executing harmful PowerShell commands. This method is primarily spread through phishing emails directing users to fraudulent websites. ESET’s Threat Report indicates that SnakeStealer has surpassed Agent Tesla as the most frequently detected infostealer, targeting businesses in the US and EU for credential theft. The ransomware landscape has been disrupted by internal conflicts among groups, with DragonForce launching defacement campaigns against other ransomware entities. On mobile devices, Kaleidoscope infections have caused a 160% increase in Android adware detections, and the SparkKitty malware has been found in both the Apple App Store and Google Play Store. Kaleidoscope generates revenue through intrusive ads while infecting devices with a malicious app from third-party stores.
Winsage
June 27, 2025
Administrators use the Dynamic Host Configuration Protocol (DHCP) service to manage IP address configurations for clients efficiently. Deploying multiple DHCP scopes on a single server is more practical than having separate servers for each subnet. DHCP operates through a four-step lease process: discover, offer, request, and acknowledge. To install a DHCP server, the PowerShell cmdlet Install-WindowsFeature DHCP -IncludeManagementTools is used, and the server must be authorized in Active Directory. A single DHCP server can manage multiple scopes, each with specific configurations for different subnets, such as DevNet, ProdNet, SalesNet, and EngineersNet. Each scope can have unique IP address ranges and settings, and additional scopes can be created by adding network interface cards (NICs) to the server. Server options apply globally, while scope options are specific to individual scopes. Reserved IP addresses can also be configured within each scope.
Winsage
June 25, 2025
Researcher mr.d0x has introduced a new variant of the ClickFix social engineering tool called FileFix, which uses the Windows File Explorer address bar as its interface to deceive users into executing harmful commands. FileFix targets corporate employees and employs familiar elements like reCAPTCHA prompts or error messages to spread malware, including infostealers and ransomware. The method integrates malicious commands directly into Windows File Explorer, enhancing its effectiveness by utilizing the environment users are comfortable with. The phishing scheme includes a deceptive ‘Open File Explorer’ button that activates File Explorer and copies a PowerShell command to the clipboard, initially displaying a fake path in the address bar. ClickFix tactics are effective because they manipulate victims into compromising their own security, often exploiting urgency and existing online behaviors. Users are advised to be cautious of verification pop-ups and requests to open command windows, and to share this knowledge to help others navigate safely.
Winsage
June 25, 2025
A newly identified exploit called "FileFix" manipulates Windows File Explorer to execute harmful commands while remaining within a web browser. Developed by security researcher mr.d0x, it builds on the ClickFix social engineering attack. FileFix uses the file upload feature on websites, prompting users to copy a malicious PowerShell command disguised as a file path. When users paste this path into the File Explorer address bar, it executes the command without their knowledge. The attack exploits familiar workflows, bypassing user skepticism, and does not require elevated privileges or complex malware. Security experts warn that FileFix could enable the delivery of infostealers, ransomware, or other malware, posing a significant risk to individuals and organizations. Users are advised to be cautious of instructions to copy and paste file paths from unfamiliar sources, monitor for suspicious processes initiated by browsers, and keep security software updated.
Winsage
June 25, 2025
The process of gathering historical data for a Windows storage dashboard involves two steps: creating a PowerShell script to collect and save the data, and configuring the Windows Task Scheduler to run this script at set intervals. The script collects data on file system drives using the Get-PSDrive cmdlet, creating a custom PowerShell object with columns for Timestamp, Drive, UsedGB, FreeGB, and TotalGB, which is then exported to a CSV file. The script specifies the CSV file path, appends new data without overwriting existing data, and excludes type information from the header. The generated CSV file includes a header row and records for each drive with their respective usage statistics.
Winsage
June 24, 2025
A cybersecurity researcher named mr.d0x has introduced a new attack method called FileFix, which is a variant of the ClickFix social engineering attack. FileFix allows malicious actors to execute harmful commands on a victim's system through the Windows File Explorer address bar, rather than using the traditional method of pasting commands into PowerShell. The attack still relies on a phishing page, which masquerades as a notification about a shared file, prompting users to paste a path into File Explorer. Attackers can conceal the malicious PowerShell command by embedding it within a dummy file path in a comment, making it invisible in the address bar. Mr.d0x has also implemented measures in the proof-of-concept code to prevent users from selecting files during the attack. The ClickFix method has been effective in deploying malware, including ransomware and state-sponsored operations, with notable examples involving the North Korean hacker group Kimsuky and cybercriminals impersonating Booking.com. FileFix represents an evolution in phishing attacks by providing a more user-friendly interface for executing commands.
Winsage
June 20, 2025
Microsoft will block legacy authentication methods by default in Microsoft 365 starting mid-July 2025 through August as part of its Secure Future Initiative. The notification, MC1097272, emphasizes the need for organizations to adapt their systems due to the vulnerabilities of legacy protocols, such as the Remote PowerShell (RPS) protocol for SharePoint and OneDrive, and the FrontPage Remote Procedure Call (RPC) protocol. Additionally, Microsoft will require administrator consent for third-party applications accessing organizational files and sites, shifting the responsibility from users to administrators to enhance security. These changes will apply universally across all Microsoft 365 tenants.
Winsage
June 20, 2025
Microsoft will implement default settings in Microsoft 365 starting mid-July 2025 that block legacy authentication protocols as part of its Secure Future Initiative. Legacy authentication methods, including the Remote PowerShell (RPS) protocol for SharePoint and OneDrive, and the FrontPage Remote Procedure Call (RPC) protocol, will be phased out due to their vulnerability to attacks. Additionally, administrator consent will be required for third-party applications seeking access to organizational files and sites, which may disrupt existing workflows. All changes will be applied by default across all Microsoft 365 tenants.
Winsage
June 20, 2025
Microsoft is removing obsolete drivers from Windows Update, starting with those that have modern replacements. Older drivers will be allowed to expire, and partners can republish them only with justification. After a six-month grace period for feedback, outdated drivers will be permanently removed if no issues are raised. This cleanup is part of a recurring process to enhance security and streamline drivers for users. In Microsoft 365, outdated authentication protocols will be blocked by default starting in July 2025, requiring administrator approval for third-party app access. The first protocols to be discontinued include outdated browser authentication methods for SharePoint and OneDrive accessed via Remote PowerShell, as well as the FrontPage Remote Procedure Call protocol. Third-party applications will need explicit administrator permission to access files and sites, which may disrupt existing workflows.
Tech Optimizer
June 17, 2025
Threat actors are using a fileless variant of AsyncRAT, targeting German-speaking individuals with a deceptive verification prompt. This prompt misleads users into executing harmful commands. The malware employs obfuscated PowerShell scripts to operate in memory without creating files on disk, complicating detection by antivirus solutions. The attack begins with a fake verification page prompting users to click "I’m not a robot," which copies a malicious command to the clipboard. This command uses conhost.exe to run a hidden PowerShell instance that retrieves a payload from a remote server. The malware establishes a connection to a command-and-control server and maintains persistence through registry keys, enabling remote control and data exfiltration. Key tactics include stealth execution, in-memory C# compilation, and TCP-based communication over non-standard ports. The campaign has been active since at least April 2025. Indicators of Compromise (IOCs) include:
- IP: 109.250.111[.]155 (ClickFix delivery)
- FQDN: namoet[.]de (ClickFix / C2 server)
- Port: 4444 (TCP reverse shell listener)
- URL: hxxp[:]//namoet[.]de:80/x (PowerShell payload)
- Registry (HKCU): SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\windows (persistence on boot)
- Registry (HKCU): SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\win (holds obfuscated command)