A fake Microsoft support website is tricking people into downloading what looks like a normal Windows update. Instead, it installs malware designed to steal passwords, payment details, and account access. Because the file looks legitimate and avoids detection, it can slip past both users and security tools.
Malwarebytes Labs researchers spotted the campaign at microsoft-update[.]support, a typosquatted domain dressed up to look like an official Microsoft support page. The site is written entirely in French (but these campaigns tend to spread quickly) and presents a fake cumulative update for Windows version 24H2, complete with a plausible KB article number. A large blue download button invites users to install the update.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Another major Linux security flaw revealed — nine-year old issue could spell disaster for users
May 23, 2026
Security researchers Qualys discovered a major flaw in the Linux operating system (OS) that could let any ordinary user, or malicious actor, gain full admin access on vulnerable endpoints. This bug lingered in Linux systems since 2016, and affects the default installations of several major distributions, including Red Hat, SUSE, Debian, Fedora, AlmaLinux, CloudLinux, and others. Read more… Source: TechRadar News Sign up ...
- Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload
May 22, 2026
In 2025, Kaspersky observed pervasive SSH tunnel activity, which has remained active into 2026, affecting many government organizations and commercial companies in Russia and Belarus. Behind some of this activity is Cloud Atlas, a group which was known to Kaspersky researchers since 2014. During the investigation, the researches identified new tools used by this group, as ...
- ROADtools and Nation-State Tactics in the Cloud
May 22, 2026
ROADtools is a publicly available toolkit for offensive and defensive security purposes that attackers have integrated into cloud attacks. The tool is designed to: Enumerate Entra ID Register devices in Entra ID Acquire, exchange and manipulate Microsoft Entra ID tokens ROADtools is an open-source framework written in Python and built for red-teaming and research. It primarily targets the identity and ...
- Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns
May 22, 2026
Unit 42 researchers have observed evidence of cyberattacks by the Iran-nexus advanced persistent threat (APT) group Screening Serpens (aka UNC1549, Smoke Sandstorm and Iranian Dream Job). Based on Unite 42 visibility, researchers believe that the group targeted entities in the U.S., Israel and the United Arab Emirates, and likely two additional Middle Eastern entities. This research follows ...
- Kali365 Phishing-as-a-Service Kit Hijacks Microsoft 365 Access Tokens
May 21, 2026
The Federal Bureau of Investigation (FBI) is issuing this Public Service Announcement (PSA) to warn the public about an emerging Phishing1-as-a-Service2 (PhaaS) platform called Kali365, first seen in April 2026. Kali365 has primarily been distributed via Telegram, enabling cyber threat actors to obtain Microsoft 365 access tokens and bypass multi-factor authentication3 (MFA) protocols without intercepting the user’s ...
- Key Microsoft legacy tool is still being abused to launch malware campaigns
May 21, 2026
Cybercriminals are increasingly using a legitimate legacy Windows tool to deploy infostealers and loader malware, researchers are saying. A new Bitdefender report has claimed that since the start of 2026, there’s been an uptick in activity related to a Windows utility called Microsoft HTML Application Host (MSHTA), a legitimate utility that runs special HTML-based application files known as HTAs. Read more… Source: ...