Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into ...

New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns.

Archive.today: Operator uses users for DDoS attack

The operator of Archive.today is unknowingly using visitors to their site for a DDoS attack. A Finnish blogger is affected.
The Hacker News

DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Companies

North Korean IT operatives use stolen LinkedIn accounts, fake hiring flows, and malware to secure remote jobs, steal data, ...

UK has not agreed to let US strike Iran from British bases, Sky News understands

The UK is not thought to be preparing to support the US in any military offensive against Iran, but has deployed six F-35 warplanes to Cyprus, and sent four Typhoon jets to Qatar, as part of efforts ...
The Hacker News

Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs

Suspected Russian actor deploys CANFAIL malware via phishing, targeting Ukrainian defense, energy, and aid sectors using LLM-assisted lures.

Man who stabbed soldier had 'interest' in knives

Anthony Esan is being sentenced in a three-day hearing taking place at Maidstone Crown Court.

North Korean job scammers target JavaScript and Python developers with fake interview tasks spreading malware

Operation Dream Job is evolving once again, and now comes through malicious dependencies on bare-bones projects.

Critical React Native Metro dev server bug under attack as researchers scream into the void

Too slow react-ion time Baddies are exploiting a critical bug in React Native's Metro development server to deliver malware ...
The Canadian Press on MSN

B.C. health workers breached privacy of injured victims of Vancouver festival attack

VICTORIA — British Columbia health care workers unlawfully accessed highly sensitive personal information on victims of Vancouver's Lapu Lapu Day festival attack mostly out of "curiosity," the ...
Hosted on MSN

Hackers are using LLMs to build the next generation of phishing attacks

Unit 42 warns GenAI enables dynamic, personalized phishing websites LLMs generate unique JavaScript payloads, evading traditional detection methods Researchers urge stronger guardrails, phishing ...