Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.
CPO Magazine

Over 800,000 Internet-Exposed Telnet Servers Affected by Decade-old Critical Security ...

A decade-old critical security vulnerability affects over 800,000 internet-exposed telnet servers, with reports of active ...
CSO Online

Shai-Hulud & Co.: The software supply chain as Achilles’ heel

The threat situation in the software supply chain is intensifying. Securing it belongs at the top of the CISO’s agenda.
Microsoft

Infostealers without borders: macOS, Python stealers, and platform abuse

How modern infostealers target macOS systems, leverage Python‑based stealers, and abuse trusted platforms and utilities to ...
The Hacker News

⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats

This week’s cybersecurity recap highlights key attacks, zero-days, and patches to keep you informed and secure.
Security Boulevard

StrongestLayer: Top ‘Trusted’ Platforms are Key Attack Surfaces

StrongestLayer's new threat intelligence report is based on an analysis of 2,042 advanced email attacks that successfully bypassed well-known secure email gateways before being detected. #EmailSecurit ...
The Standard

KWS officers arrest three suspects, seize elephant tusks, wildlife skins

KWS officers have arrested three suspects and seized ten elephant tusks, three leopard skins, and three python skins during an operation in Lokichar targeting regional trafficking networks.
cryptopolitan

Sui Network moves on from major outage with mainnet, protocol upgrades

The Sui network has pushged through upgrades to its mainnet, deploying version V1.63.3, and upgrading the protocol to version 107. It suffered a major outage last week that lasted for nearly six hours ...
threatcop

Ping Spoofing Explained: How Attackers Exploit Network Protocols

Cybersecurity threats can use basic network protocols as attack points, even though they may not be sophisticated or use zero-day exploits. Attackers are able to use ping spoofing as an initial act of ...
SecurityWeek

Exploit for VMware Zero-Day Flaws Likely Built a Year Before Public Disclosure

Fresh attacks targeted three VMware ESXi vulnerabilities that were disclosed in March 2025 as zero-days. A Chinese threat actor built an exploit for three VMware ESXi vulnerabilities that were patched ...
Bleeping Computer

Cisco warns of Identity Service Engine flaw with exploit code

Cisco has patched a vulnerability in its Identity Services Engine (ISE) network access control solution, with public proof-of-concept exploit code, that can be abused by attackers with admin ...
cryptopolitan

Flow Foundation moves to phase two of $3.9M exploit recovery

Flow Foundation has entered phase two of its recovery after a $3.9 million exploit hit the network on December 27, 2025. Developers are working to restore EVM functionality while continuing fixes on ...