随着端点检测与响应（EDR）技术及反病毒软件的日益成熟，传统依赖于可执行文件（.exe, .dll）落地执行的恶意软件生存空间受到极大挤压。攻击者被迫不断演进其战术、技术与过程（TTPs），寻求更隐蔽的入侵途径。在此背景下，“无文件攻击”逐渐成为主流趋势，其核心特征是不在磁盘上留下明显的恶意文件实体，而是利用操作系统自带的合法管理工具（如PowerShell, WMI, PsExec等）在内存中执 ...

Using an AI coding assistant to migrate an application from one programming language to another wasn’t as easy as it looked. Here are three takeaways.

Researchers link Silver Dragon APT to APT41 after attacks on government entities using Cobalt Strike, DNS tunneling, and ...

A compromised Chrome extension with 7,000 users was updated to deploy malware, strip security headers, and steal cryptocurrency wallet seed phrases.

Signed malware backed by a stolen EV certificate deployed legitimate RMM tools to gain persistent access inside enterprise ...

AI is helping cybercriminals to rapidly assemble malware with flat-pack efficiency. It’s almost like buying a sofa from Ikea, ...

Microsoft has identified a phishing campaign using malformed links to legitimate OAuth services to redirect to malware ...

Zscaler ThreatLabz assessed with medium to high confidence that an Iranian adversary targeted Iraq’s Ministry of Foreign ...

While some of the campaigns have been found to leverage the technique to deliver malware, others send users to pages hosted on phishing frameworks such as EvilProxy, which act as an ...

IntroductionIn January 2026, Zscaler ThreatLabz observed activity by a suspected Iran-nexus threat actor targeting government officials in Iraq. ThreatLabz discovered previously undocumented malware ...

North Korean hacking group APT37 was seen deploying new implants, backdoors, and other tools in attacks targeting air-gapped ...