The Hacker News

ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures

ClickFix attacks are delivering BabaDeda, Lorem Ipsum, and Potemkin loaders to deploy stealers, RATs, and ransomware-linked ...
techtimes

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

An unpatched SQL injection vulnerability in the Ghost content management system has been weaponized in an active, large-scale cyberattack that has compromised more than 700 websites worldwide — ...
cryptopolitan

North Korea’s Lazarus Group deploys fileless RemotePE trojan, targeting crypto and banks

Lazarus Group has deployed RemotePE, a fully memory-resident trojan that is extremely hard for traditional antivirus and forensic tools to detect. The malware specifically targets banks, crypto ...
Nintendo Life

Reggie Fils-Aimé Recalls The Phone Call That Broke Nintendo And Amazon's Relationship

Nintendo of America's former president, Reggie Fils-Aimè, has described how a request for "an obscene amount of support" from Amazon during the Wii and DS era ultimately led to the withdrawal of both ...
GitHub

Universal App Bridge (UAB)

Smart function discovery and framework-level desktop app control for AI agents. UAB doesn't just automate apps — it discovers, identifies, learns, and remembers how to control every application on ...
Security Boulevard

Top CVEs of December 2025

December 2025 was a brutal reality check for security teams. While most were winding down for the holidays, threat actors weaponized a tectonic shift in the landscape, headlined by the “React2Shell” ...
The Hacker News

Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps

Cybersecurity researchers are calling attention to an ongoing campaign that distributes fake cryptocurrency trading apps to deploy a compiled V8 JavaScript (JSC) malware called JSCEAL that can capture ...
Bleeping Computer

Popular npm linter packages hijacked via phishing to drop malware

Popular JavaScript libraries were hijacked this week and turned into malware droppers, in a supply chain attack achieved via targeted phishing and credential theft. The attacker(s) used stolen ...
WeLiveSecurity

Unmasking AsyncRAT: Navigating the labyrinth of forks

AsyncRAT has cemented its place as a cornerstone of modern malware and as a pervasive threat that has evolved into a sprawling network of forks and variants. While its capabilities are not that ...
TechSpot

Microsoft replaces legacy JavaScript engine to improve security in Windows 11

In context: Windows has included a proprietary JavaScript engine since the release of Internet Explorer 3.0 nearly 30 years ago. Technically, JScript is Microsoft's own dialect of the ...
WeLiveSecurity

Operation RoundPress

This blogpost introduces an operation that we named RoundPress, targeting high-value webmail servers with XSS vulnerabilities, and that we assess with medium confidence is run by the Sednit ...
CSOonline

Russia-linked APT29 targets European diplomats with new malware

Cyberespionage group known as APT29 and linked to Russia’s foreign intelligence service (SVR), has added a new malware loader to its toolset. Used for fingerprinting, persistence and payload delivery, ...