Named after BioShock's 'Would you kindly' mechanic, the attack trains AI agents to accept false information before stealing ...
ConsentFix and ClickFix attacks steal Microsoft 365 tokens in seconds using fake prompts and OAuth flows. Learn how these MFA ...
LayerX found that BioShocking could trick AI browsers into leaking credentials by disguising malicious prompts as game rules.
LayerX tricked six AI browsers, including ChatGPT Atlas, Comet and Claude, into leaking user credentials by convincing them they were playing a game.
On June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) facilitated the takedown, suspension, and blocking of domains that ...
[!NOTE] All registered tasks are configured to bypass laptop AC constraints (they will execute successfully even when unplugged). However, because SpoolerWatchdog runs periodically every 5 minutes, it ...
description: The following analytic identifies suspicious PowerShell execution using Script Block Logging (EventCode 4104). It leverages specific patterns and keywords within the ScriptBlockText field ...
Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser ...
Nearly every major product family needs immediate patching, from Windows to Office to Microsoft Edge, SQL Server, and even Microsoft Developer Tools. Windows admins are going to be busy this month, ...
IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign ...