Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable ...
SecurityWeek

Cryptominers, Reverse Shells Dropped in Recent React2Shell Attacks

The majority of the 1.4 million React2Shell exploitation attempts GreyNoise saw in a week deployed cryptominers and reverse ...

Hackers hijack exposed LLM endpoints in Bizarre Bazaar operation

A malicious campaign is actively targeting exposed LLM (Large Language Model) service endpoints to commercialize unauthorized ...
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...

What you can do to bypass authoritarian surveillance

How can people use the internet in authoritarian countries like China, Russia and Iran without revealing their identity? Are ...
Analytics Insight

Fake Recruiters Linked to North Korea Hit 3,100 IPs in Global Cyber Campaign

North Korean-linked hackers have targeted more than 3,100 IP addresses tied to AI, crypto, and finance firms through fake job interviews. The campaign used frau ...
The Hacker News

North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews

North Korean PurpleBravo hackers targeted 3,136 IPs and 20 companies using fake interviews, malicious VS Code projects, and BeaverTail malware.