Attackers are using fake Claude Code install pages and malicious search ads to spread infostealer malware targeting Windows ...
A new ClickFix attack variant uses fake CAPTCHA pages instructing victims to paste and execute malicious commands in Windows Terminal.
A newly discovered InstallFix campaign relies on malicious commands on cloned installation webpages to trick victims into installing malware.
Quick and efficient command-line alternatives to everyday GUI tasks.
Unwitting victims are now being tricked into installing malware via Windows Terminal, but some experts say this is old news.
Threat actors are employing a new variation of the ClickFix social engineering technique called InstallFix to convince users ...
Microsoft reveals ClickFix campaign abusing Windows Terminal to deliver Lumma Stealer and steal browser credentials.
A precise approach to everyday Windows breakdowns.
Researchers link Silver Dragon APT to APT41 after attacks on government entities using Cobalt Strike, DNS tunneling, and Google Drive-based C2.
In January 2026, Zscaler ThreatLabz observed activity by a suspected Iran-nexus threat actor targeting government officials in Iraq. ThreatLabz discovered previously undocumented malware ...
In December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign ...
The user had asked for a simple PowerShell script to remove Python pycache folders. Instead, the script ended up deleting the contents of the user’s F: drive, including project files and Docker data.