The Hacker News

Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb

Researchers uncover wormable XMRig campaign using BYOVD exploit and LLM-built React2Shell attacks hitting 90+ hosts.
IEEE

XShellGNN: Cross-file Web Shell Detection Based on Graph Neural Network

Abstract: In the ever-evolving digital landscape, the complexity of web technologies has significantly increased. This complexity highlights the limitations of traditional web defense mechanisms in ...
GitHub

PyConda - A Python-Based Programming Language

PyConda is an interpreted programming language that combines the simplicity of Python with custom features. It allows you to define functions, control flow, and perform operations easily. This README ...
The Hacker News

ThreatsDay Bulletin: OpenSSL RCE, Foxit 0-Days, Copilot Leak, AI Password Flaws & 20+ Stories

ThreatsDay Bulletin tracks active exploits, phishing waves, AI risks, major flaws, and cybercrime crackdowns shaping this ...
i-SCOOP

Manus Agents

Meta has quietly launched its $2 billion acquisition, Manus, as an autonomous AI agent on Telegram. Discover how this "action engine" builds apps, analyzes data, and browses the web for you.

New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns.
Milwaukee Journal Sentinel

It's an unlucky Friday the 13th for these people in the Epstein files

In the two weeks since the Department of Justice published more than 3 million pages of investigative records, the largest Epstein-related disclosure to date, the damage has been swift and global.