Trustwave SpiderLabs uncovered a resurgence of a malicious campaign in February 2025. The attack involves tricking users, via fake CAPTCHA verifications on compromised websites, into executing a multi-stage chain of PowerShell commands to deliver malware. The malware – Lumma and Vidar, are used to steal sensitive data from infected systems. The attackers use multiple techniques, such as large file sizes, to evade detection. Trustwave advises organizations to be vigilant against deceptive CAPTCHA prompts.

Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails
Microsoft has reported an ongoing phishing campaign, known as Storm-1865, that targets the hospitality sector by impersonating Booking.com. The campaign uses a social engineering technique