WinBuzzer

Fake 7-Zip Downloads Turn Home PCs Into Malicious Proxy Nodes

Researchers have uncovered a malware campaign targeting 7-Zip users through fake domain 7zip.com, turning infected computers ...

New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns.
The Hacker News

Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging

Microsoft details a new ClickFix variant abusing DNS nslookup commands to stage malware, enabling stealthy payload delivery and RAT deployment.
Hackaday

Reverse Engineering A Dash Robot With Ghidra

One of the joys of browsing secondhand shops is the possibility of finding old, perhaps restorable or hackable, electronics ...

How to test OpenClaw without giving an autonomous agent shell access to your corporate laptop

OpenClaw jumped from 1,000 to 21,000 exposed deployments in a week. Here's how to evaluate it in Cloudflare's Moltworker sandbox for $10/month — without touching your corporate network.
CSO Online

Critical BeyondTrust RS vulnerability exploited in active attacks

Researchers have detected attacks that compromised Bomgar appliances, many of which have reached end of life, creating problems for enterprises seeking to patch.

LummaStealer infections surge after CastleLoader malware campaigns

A surge in LummaStealer infections has been observed, driven by social engineering campaigns leveraging the ClickFix technique to deliver the CastleLoader malware.