Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.
The Hacker News

Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign

Active React2Shell exploitation uses malicious NGINX configurations to hijack web traffic, targeting Baota panels, Asian TLDs ...

Hackers compromise NGINX servers to redirect user traffic

A threat actor is compromising NGINX servers in a campaign that hijacks user traffic and reroutes it through the attacker's ...
SecurityWeek

Cyber Insights 2026: Malware and Cyberattacks in the Age of AI

How AI and agentic AI are reshaping malware and malicious attacks, driving faster, stealthier, and more targeted ...
The Hacker News

ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services

ClickFix uses fake CAPTCHAs and a signed Microsoft App-V script to deploy Amatera stealer on enterprise Windows systems.
Security Boulevard

Critical CERT-In Advisories – January 2026: SAP, Microsoft, and Atlassian Vulnerabilities

January 2026 was a wake-up month for enterprise security teams. In a single week, CERT-In released three high-severity ...
IEEE

Good News for Script Kiddies? Evaluating Large Language Models for Automated Exploit Generation

Abstract: Large Language Models (LLMs) have demonstrated remarkable capabilities in code-related tasks, raising concerns about their potential for automated exploit generation (AEG). This paper ...
GitHub

This application is a cron-driven Python script that scans a Vercel Blob Storage container, identifies specific text files, and uses an AI model to transform them into ...

src/njm_blob_cron: Main application source code.