CSO Online

Threat actors hijack web traffic after exploiting React2Shell vulnerability

Hijacking web traffic is an old tactic for threat actors. In fact David Shipley, head of Canadian security awareness training ...
The Hacker News

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.
Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.
The Hacker News

Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers

Python infostealers are spreading from Windows to macOS via Google Ads, ClickFix lures, and fake installers to steal credentials and financial data.

How Jeffrey Epstein Manipulated Google Search To Bury His Past

Using a mix of search engine experts and “hackers,” Epstein sought to promote his philanthropy so he could bury negative news about his sex trafficking.

Malicious packages for dYdX cryptocurrency exchange empties user wallets

Open source packages published on the npm and PyPI repositories were laced with code that stole wallet credentials from dYdX ...
PCMag

Fake Version of Popular Archiver Site Is Distributing Malware, Taking Over PCs

Watch what you type. The real 7-Zip uses a .org domain, but a .com version is distributing a Trojan, according to antivirus provider Malwarebytes.

Why the most private way to browse the web isn't incognito mode (but this instead)

A while ago, I wrote a piece on the best way to ensure your privacy with a web browser. Part of that advice was to use the Tor browser. In simplest terms, you cannot get more privacy and security from ...