How to Spot 'Living Off the Land' Computer Attacks

"Living Off the Land" attacks use built-in tools and processes instead of traditional malware.

AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.
Microsoft

Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft

Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This ...
The Hacker News

Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials

Storm-2561 spreads fake VPN installers via SEO poisoning and GitHub downloads, stealing enterprise VPN credentials with Hyrax malware.
Dexerto

Genshin Impact devs wipe out 1 million illegal cheats and piracy links

Genshin Impact devs have removed millions of illegal content in 2025 and recovered millions in damages as part of a major crackdown.

Downloaded a malware-infected Steam game? The FBI wants to hear from you

According to the FBI's website, the agency's Seattle branch wants to identify potential victims who installed Steam games infected with malware.

The FBI wants to know if Steam gave you malware

This is about games accused of scamming users between May 2024 and January 2026.