126 matches found
Microsoft Warns of WhatsApp Attachments Spreading Backdoor on Windows PCs
Microsoft warns of WhatsApp attachments spreading VBS malware that installs backdoors on Windows PCs, giving hackers remote access and control systems...
Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass
Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. The activity, beginning in late February 2026, leverages these scripts to initiate a multi-stage infection chain for establishing persistence and enabling...
WhatsApp malware campaign delivers VBScript and MSI backdoors
Microsoft Defender Experts observed a campaign beginning in late February 2026 that uses WhatsApp messages to deliver malicious Visual Basic Script (VBS) files. Once execute...
CVE-2026-20819 Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability
...
New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack
Cybersecurity researchers have disclosed details of a new campaign dubbed SHADOWREACTOR that employs an evasive multi-stage attack chain to deliver a commercially available remote administration tool called Remcos RAT and establish persistent, covert remote access. "The infection chain follows a...
Microsoft Windows Virtualization-Based Security Enclave Security Vulnerability
Microsoft Windows Virtualization-Based Security Enclave (Microsoft Windows VBS Enclave) is a software-based trusted execution environment, from Microsoft Corporation (USA), that resides in the address space of host applications. A security vulnerability exists in Microsoft Windows Virtualization-Based Security...
Malicious code in vbs-ng2-shared (npm)
The package vbs-ng2-shared was found to contain malicious code...
Malicious code in vbs-common (npm)
The package vbs-common was found to contain malicious code...
Malicious code in vbs-theme (npm)
The package vbs-theme was found to contain malicious code...
MAL-2025-38161 Malicious code in vbs-ng2-shared (npm)
The package vbs-ng2-shared was found to contain malicious code...
MAL-2025-38160 Malicious code in vbs-common (npm)
The package vbs-common was found to contain malicious code...
Microsoft Windows Virtualization-Based Security Enclave Data Forgery Vulnerability
Microsoft Windows Virtualization-Based Security Enclave (Microsoft Windows VBS Enclave) is a software-based trusted execution environment, from Microsoft Corporation (USA), that resides in the host application address space. Microsoft Windows Virtualization-Based Security Enclave (Microsoft Windows VBS Enclave) is...
Abusing VBS Enclaves to Create Evasive Malware
...
MAL-2025-617 Malicious code in outlookapi (npm)
The package contains several malicious PowerShell and VBS scripts used to harvest browser data, take screenshots, log keystrokes, and establish startup persistence. It also bundles a password stealer and exfiltrates stolen data via Slack and Discord webhooks.
MAL-2025-46 Malicious code in solanacore (npm)
The package contains several malicious PowerShell and VBS scripts used to harvest browser data, take screenshots, log keystrokes, and establish startup persistence. It also bundles a password stealer and exfiltrates stolen data via Slack and Discord webhooks.
MAL-2025-45 Malicious code in solana-login (npm)
The package contains several malicious PowerShell and VBS scripts used to harvest browser data, take screenshots, log keystrokes, and establish startup persistence. It also bundles a password stealer and exfiltrates stolen data via Slack and Discord webhooks.
KB5041578: Windows 10 version 1809 / Windows Server 2019 Security Update (August 2024)
The remote Windows host is missing security update 5041578. It is, therefore, affected by multiple vulnerabilities: An elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS), including a subset of Azure Virtual Machine SKUs. This can allo...
KB5041585: Windows 11 version 22H2 / Windows 11 version 23H2 Security Update (August 2024)
The remote Windows host is missing security update 5041585. It is, therefore, affected by multiple vulnerabilities: An elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS), including a subset of Azure Virtual Machine SKUs. This can allo...
CVE-2024-21302
Summary: As of July 8, 2025, Microsoft has completed mitigations to address this vulnerability. See "KB5042562: Guidance for blocking rollback of virtualization-based security related updates" and the Recommended Actions section of this CVE for guidance on how to protect your systems from this...