#powershell

30 posts, 24 participants, 5 posts today

Matthew Dowst

PowerShell Weekly for May 16, 2025 is out now with Announcements, Community highlights, Fun sections, and more. Check it out!
#PowerShell #Automation #TechNews
https://psweekly.dowst.dev/?p=7851

Pyrzout :vm:

Hackers Leveraging PowerShell to Bypass Antivirus and EDR Defenses https://gbhackers.com/hackers-leveraging-powershell/ #CyberSecurityNews #cybersecurity #PowerShell #Microsoft

2rZiKKbOU3nTafniR2qMMSE0gwZ

Hackers Exploit PowerShell to Evade Antivirus and EDR Protections Cybersecurity researchers have ...

https://cyberpress.org/hackers-exploit-powershell/

#Cyber #Security #News #Cybersecurity #Microsoft #PowerShell #Cyber #Security #Cyber #security #news

Result Details: https://awakari.com/pub-msg.html?id=YO5m4w1Oj7Eo0qIPljPyaVPimrQ&interestId=2rZiKKbOU3nTafniR2qMMSE0gwZ

Mike Lawton

Had occasion to use:

<code>-ErrorVariable +ev -ErrorAction SilentlyContinue</code>

in order to handle/log non-fatal errors within a #powershell pipeline. I want to know the parameter in question on caught errors. The thrown cmdlet exception didn't provide it.

Can't see any advantage (the docs are... anemic) to InvocationInfo.PipelinePosition or PipelineIterationInfo (directly on the ErrorRecord) to pull by index (-1) from the root collection.

https://learn.microsoft.com/en-us/dotnet/api/system.management.automation.errorrecord?view=powershellsdk-7.4.0

https://learn.microsoft.com/en-us/dotnet/api/system.management.automation.invocationinfo?view=powershellsdk-7.4.0

Pyrzout :vm:

Fileless Remcos RAT Attack Evades Antivirus Using PowerShell Scripts https://hackread.com/fileless-remcos-rat-attack-antivirus-powershell-scripts/ #Cybersecurity #CyberAttack #PowerShell #RemcosRAT #Security #Malware #TROJAN

OTX Bot

Fileless Execution: PowerShell Based Shellcode Loader Executes Remcos RAT

A new PowerShell-based shellcode loader has been discovered, designed to execute a variant of Remcos RAT. The attack chain begins with malicious LNK files in ZIP archives, using mshta.exe for initial execution. The loader employs fileless techniques, executing code directly in memory to evade traditional defenses. It leverages Windows APIs to allocate memory and execute binary code. The Remcos RAT provides full system control, featuring keylogging, screen capture, and credential theft capabilities. It uses advanced evasion techniques like process hollowing and UAC bypass. The malware establishes persistence through registry modifications and connects to a command and control server over TLS. This sophisticated attack emphasizes the need for behavioral analytics and proactive security measures to detect and mitigate such stealthy threats.

Pulse ID: 68264a9c6f5993a7d13fcfbc
Pulse Link: https://otx.alienvault.com/pulse/68264a9c6f5993a7d13fcfbc
Pulse Author: AlienVault
Created: 2025-05-15 20:12:12

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #ICS #InfoSec #LNK #Malware #OTX #OpenThreatExchange #PowerShell #RAT #Remcos #RemcosRAT #ShellCode #TLS #Windows #ZIP #bot #AlienVault

OTX Bot

Excel(ent) Obfuscation: Regex Gone Rogue

A new Excel-based attack technique leverages recently introduced regex functions for advanced code obfuscation. The proof-of-concept demonstrates how malicious actors can use REGEXEXTRACT to hide PowerShell commands within large text blocks, significantly reducing antivirus detection rates. This method outperforms traditional obfuscation techniques, dropping VirusTotal detections from 22 to just 2. The approach also evades heuristic analysis tools like OLEVBA. While currently limited by Microsoft's default macro security and the functions' limited availability, this technique could potentially be combined with more sophisticated attack methods as it becomes more widely accessible.

Pulse ID: 6825f54fef573f818bd2d43c
Pulse Link: https://otx.alienvault.com/pulse/6825f54fef573f818bd2d43c
Pulse Author: AlienVault
Created: 2025-05-15 14:08:15

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Excel #InfoSec #Mac #Microsoft #OTX #OpenThreatExchange #PowerShell #RAT #Rust #VirusTotal #bot #AlienVault

PSConfEU

@stephanevg.bsky.social will be on stage for #PSConfEU 2025 in #Malmö (23-26 June)! 🎙️ 10 Tiny Steps to PowerShell Productivity Mastery 🎙️ Road Trip with Classes: A Fun Ride into PowerShell Mastery 🎟️ psconf.eu #PowerShell #Skåne #Svenska #Sweden #IT #automation

Mike F. Robbins

Shorten #Azure CLI commands in #PowerShell without backticks https://mikefrobbins.com/2025/05/15/shorten-azure-cli-commands-in-powershell-without-backticks/

LLMs

Comparing AI models for MCP server usage I compared six frontier AI models—DeepSeek V3, Anthrop...

https://4sysops.com/archives/comparing-ai-models-for-mcp-server-usage/

#Articles #powershell #mcp #AI #agents #AI #vscode

Result Details: https://awakari.com/pub-msg.html?id=1OYcNNxylPd4K4GDZb0l28xylxg&interestId=LLMs

LLMs

OpenAI Codex CLI: AI-powered assistant for the terminal? OpenAI Codex CLI is a new open-source co...

https://4sysops.com/archives/openai-codex-cli-ai-powered-assistant-for-the-terminal/

#Articles #commands #powershell #AI #agents #AI

Result Details: https://awakari.com/pub-msg.html?id=W66auASTBNliLLXhKBIEKbeCoe8&interestId=LLMs

SearchEngine

Install the Perplexity MCP server for VS Code GitHub Copilot on Windows and Mac Perplexity is an ...

https://4sysops.com/archives/install-the-perplexity-mcp-server-for-vs-code-github-copilot-on-windows-and-mac/

#Articles #AI #agents #mcp #AI #vscode #powershell

Result Details: https://awakari.com/pub-msg.html?id=1RbOFStYjUn4tNa0D8TyuEkq2tc&interestId=SearchEngine

PSConfEU

@denelon.bsky.social will be on stage for #PSConfEU 2025 in #Malmö (23-26 June)! 🎙️ Whats new in WinGet 🎟️ Tickets and full schedule available at psconf.eu #PowerShell #Skåne #Svenska #Sweden #IT #automation #WinGet

OTX Bot

New 'Chihuahua Stealer' Targets Browser Data and Crypto Wallets

A novel infostealer named Chihuahua Stealer has been detected, blending standard malware techniques with advanced features. This .NET-based malware employs a multi-stage PowerShell script infection process, utilizing Base64 encoding, hex-string obfuscation, and scheduled tasks for persistence. It targets browser data and cryptocurrency wallet extensions, extracting credentials, cookies, autofill data, browsing history, and payment information. The stolen data is compressed, encrypted using AES-GCM, and exfiltrated to an external server. The malware's sophisticated execution chain includes stealthy loading and a multi-staged payload, making it challenging to detect and analyze.

Pulse ID: 6824a0fe7bd740a9edd5ae96
Pulse Link: https://otx.alienvault.com/pulse/6824a0fe7bd740a9edd5ae96
Pulse Author: AlienVault
Created: 2025-05-14 13:56:14

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Cookies #CyberSecurity #InfoSec #InfoStealer #Malware #NET #OTX #OpenThreatExchange #PowerShell #RAT #bot #cryptocurrency #AlienVault

SearchEngine

Add web search to any GitHub Copilot model – Install Tavily MCP server in VS Code on Windows LL...

https://4sysops.com/archives/add-web-search-to-any-github-copilot-model-install-tavily-mcp-server-in-vs-code-on-windows/

#Articles #powershell #AI #mcp #AI #agents

Result Details: https://awakari.com/pub-msg.html?id=9xP4JBwAVEOqQLao2KP6rv3S1Mu&interestId=SearchEngine

OTX Bot

TA406 Pivots to the Front

In February 2025, TA406, a North Korean state-sponsored actor, began targeting Ukrainian government entities with phishing campaigns aimed at gathering intelligence on the Russian invasion. The group utilized freemail senders impersonating think tank members to deliver both credential harvesting attempts and malware. Their tactics included using HTML and CHM files with embedded PowerShell for malware deployment, as well as fake Microsoft security alerts for credential theft. The malware conducted extensive reconnaissance on target hosts, gathering system information and checking for anti-virus tools. TA406's focus appears to be on collecting strategic, political intelligence to assess the ongoing conflict and potential risks to North Korean forces in the region.

Pulse ID: 6823b32f1fad0a568539c4c1
Pulse Link: https://otx.alienvault.com/pulse/6823b32f1fad0a568539c4c1
Pulse Author: AlienVault
Created: 2025-05-13 21:01:35

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CredentialHarvesting #CyberSecurity #Email #Government #HTML #ICS #InfoSec #Korea #Malware #Microsoft #NorthKorea #OTX #OpenThreatExchange #Phishing #PowerShell #RAT #RCE #Russia #UK #Ukr #Ukrainian #bot #AlienVault

A New Breed of Infostealer

A newly discovered .NET-based infostealer, Chihuahua Stealer, combines common malware techniques with advanced features. The infection begins with an obfuscated PowerShell script shared via Google Drive, initiating a multi-stage payload chain. Persistence is achieved through scheduled tasks, and the main payload targets browser data and crypto wallet extensions. Stolen data is compressed, encrypted using AES-GCM via Windows CNG APIs, and exfiltrated over HTTPS. The malware employs stealth techniques, including multi-stage execution, Base64 encoding, hex-string obfuscation, and scheduled jobs. It targets browser data, crypto wallets, and uses unique identifiers for each infected machine. The stealer's sophistication is evident in its use of Windows Cryptography API for encryption and its thorough cleanup process.

Pulse ID: 682345233e3c2b7479bfdf61
Pulse Link: otx.alienvault.com/pulse/68234
Pulse Author: AlienVault
Created: 2025-05-13 13:12:03

Be advised, this data is unverified and should be considered preliminary. Always do further verification.
