The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
note

Even the free version of Power Automate Desktop works! Let's automate web tasks periodically using Windows Task Scheduler

🦊 Hello! I'm Inusuki. As I wrote in a previous article, the biggest problem with the free version of PAD (Power Automate Desktop) is that it cannot integrate with the cloud version Also, there is the ...
pentestpartners.com

ClickFix, CrashFix and the growing family of copy and paste attacks

At the start of this year, I wrote a blog on how 2025 was the ‘year of the infostealer’, and it doesn’t look like that is going to change anytime soon. We’re now into June and the ‘fix’ attacks have ...
note

Function to create a shortcut icon for the folder currently being worked on [PowerShell]

At my company, the workflow for work requests from full-time employees to me (a non-regular worker) begins with the request details and data storage location being sent via a task management tool.
GitHub

powershell_fileless_script_contains_base64_encoded_content.yml

description: The following analytic detects the execution of PowerShell scripts containing Base64 encoded content, specifically identifying the use of `FromBase64String`. It leverages PowerShell ...
GitHub

registry_keys_used_for_persistence.yml

description: The following analytic identifies modifications to registry keys commonly used for persistence mechanisms. It leverages data from endpoint detection sources like Sysmon or Carbon Black, ...