ClickFix attackers using new tactic to evade detection, says Microsoft

Unwitting victims are now being tricked into installing malware via Windows Terminal, but some experts say this is old news.

Microsoft spots ClickFix campaign getting users to self-pwn on Windows Terminal

Crooks tweak familiar copy-paste ruse so that victims run malicious commands themselves A new twist on the long-running ...
NextBigFuture

XAI MacroHard and Digital Optimus is One Thing

Elon explicitly pushed back on today’s Business Insider “Macrohard stalled → pivot to Tesla” FUD. XAI minor staff churn, ...
WeLiveSecurity

Sednit reloaded: Back in the trenches

ESET researchers document how the Sednit APT group has reemerged with a modern toolkit centered on two paired implants – BeardShell and Covenant.
XDA Developers on MSN

This self-hosted bookmark manager makes good use of my local LLMs, and it's the only one I've actually stuck with

It was a solid addition to my LLM-powered app stack ...
XDA Developers on MSN

PowerToys keeps adding features that should have been baked into Windows from the start

I wanted these features on my OS by default, not Copilot ...
Cybernews

Hackers hijack Wordpress sites and deploy CAPTCHA ClickFix in global infostealer campaign

Cybercriminals have compromised hundreds of websites – including regional news outlets and the website of a US Senate candidate – in a global malware operation new research has uncovered.
Cybernews

Hackers target Mac users with fake CleanMyMac, empty crypto wallets

Hackers have launched a convincing, fraudulent CleanMyMac website to trick Mac users into installing SHub Stealer, a malware ...
Arabian Post

Hijacked WordPress sites fuel global data-stealing campaign

Cyber-criminals have compromised hundreds of legitimate WordPress websites in a global operation designed to infect unsuspecting visitors with information-stealing malware, raising fresh concerns ...
SecurityWeek

Over 100 GitHub Repositories Distributing BoryptGrab Stealer

Distributed through over 100 GitHub repositories, the BoryptGrab stealer targets browser, wallet, system, and other user data ...

Fake Claude Code install guides push infostealers in InstallFix attacks

Threat actors are employing a new variation of the ClickFix social engineering technique called InstallFix to convince users ...
Microsoft

Contagious Interview: Malware delivered through fake developer job interviews

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...