The Hacker News

ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services

ClickFix uses fake CAPTCHAs and a signed Microsoft App-V script to deploy Amatera stealer on enterprise Windows systems.
The Hacker News

China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023

Experts details PeckBirdy, a JavaScript C2 framework used since 2023 by China-aligned attackers to spread malware via fake ...
CSOonline

Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Cybercriminals and state-sponsored hackers are increasingly exploiting Microsoft’s legitimate OAuth 2.0 device authorization process to hijack enterprise accounts, bypassing multifactor authentication ...
Forbes

Cisco Secure Email Attacks: 0-Day Exploit Confirmed, No Fix Available

“There are no workarounds identified that directly mitigate the risk concerning this attack campaign,” is not what you want to read, having just been informed of a zero-day exploit concerning a Common ...
Deadline.com

‘Wicked: For Good’: Read The Screenplay For The Film That Follows The Yellow Brick Road All The Way To ‘The Wizard Of Oz’

Deadline’s Read the Screenplay series spotlighting the scripts behind the awards season’s most talked-about movies continues with Wicked: For Good, the second film in the Jon M. Chu-directed ...
HHS

Exploit Attempts Surge for React2Shell

Hacker interest is high in a days-old vulnerability in widely used web application framework React, with dozens of organizations already falling victim to it, cybersecurity experts warn. See Also: Top ...
Benzinga.com

Could AI Agents Exploit Ethereum, XRP, Solana? Anthropic Says It's Possible

AI firm Anthropic says its latest tests showed AI agents autonomously hacking top blockchains and draining simulated funds, signaling that automated exploits may now threaten blockchains like Ethereum ...
Infosecurity-magazine.com

Hackers Exploit Critical Flaw in Gladinet's Triofox File Sharing Product

Cyber threat actors have been exploiting a vulnerability in Gladinet’s Triofox, a file-sharing and remote access platform, and chained it with the abuse of the built-in anti-virus feature to achieve ...
GameSpot

Battlefield 6 And Redsec 1.1.1.5 Update Patches Out An Infamous Exploit

GameSpot may get a commission from retail offers. Battlefield 6 and the battle royale game Redsec are getting a new update on November 11, featuring a number of quality-of-life updates and bug fixes.
CSOonline

Claude AI vulnerability exposes enterprise data through code interpreter exploit

Security researcher demonstrates how attackers can hijack Anthropic’s file upload API to exfiltrate sensitive information, even with network restrictions enabled. A newly disclosed vulnerability in ...
TechCrunch

Apple alerts exploit developer that his iPhone was targeted with government spyware

Earlier this year, a developer was shocked by a message that appeared on his personal phone: “Apple detected a targeted mercenary spyware attack against your iPhone.” “I was panicking,” Jay Gibson, ...