Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks

A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and ...

After CBSE Admits Gaps In OSM, Teen Hacker Reacts With Honey Singh's 'Dope Shope' Meme

Nisarga Adhikary, a 19-year-old hacker who claimed to have found critical vulnerabilities and data security lapses in Central Board of Secondary Education’s (CBSE) On-Screen Marking (OSM) process to ...
The Hacker News

ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories

Weekly ThreatsDay recap: old bugs, fake tools, shady payload tricks, AI mishaps, and the usual reminder that the internet is ...
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...