Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable ...
Dark Reading

Big Breach or Smooth Sailing? Mexican Gov't Faces Leak Allegations

Hacktivist group claims a 2.3-terabyte data breach exposes information of 36 million Mexicans, but no sensitive accounts are ...
The Hacker News

Infy Hackers Resume Operations with New C2 Servers After Iran Internet Blackout Ends

The elusive Iranian threat group known as Infy (aka Prince of Persia) has evolved its tactics as part of efforts to hide its ...
CU Independent

Beyond Memes: Integrating AI Face Swapping into Professional Design Workflows

Changing a face in a photograph used to be a dark art reserved for Photoshop veterans. It demanded a mastery of layers, ...

Illinois man admits to hacking Snapchat accounts to steal nude photos

An Illinois man pleaded guilty on Wednesday to phishing the Snapchat access codes of nearly 600 women in order to hack their accounts and steal nude photos, which he kept, sold or traded on the ...

Hackers compromise NGINX servers to redirect user traffic

A threat actor is compromising NGINX servers in a campaign that hijacks user traffic and reroutes it through the attacker's ...
The Hacker News

Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign

Active React2Shell exploitation uses malicious NGINX configurations to hijack web traffic, targeting Baota panels, Asian TLDs, and government domains.

OpenAI says new coding model helped build itself

The new coding model released Thursday afternoon, entitled GPT-5.3-Codex, builds on OpenAI’s GPT-5.2-Codex model and combines insights from the AI company’s GPT-5.2 model, which excels on non-coding ...

OpenClaw’s AI ‘skill’ extensions are a security nightmare

Security researchers found hundreds of malicious add-ons on ClawHub.
OSTechNix

Notepad++ Supply Chain Attack: Is Your Version Secure?

Notepad++ update servers were compromised for 6 months in 2025. Learn how the Chrysalis backdoor targeted users and why you must manually update to version 8.9.1 now.