The Hacker News

CrashFix Chrome Extension Delivers ModeloRAT Using ClickFix-Style Browser Crash Lures

Researchers uncovered a CrashFix campaign where a fake Chrome ad blocker crashes browsers to trick users into installing the ...
Dark Reading

Shadow#Reactor Uses Text Files to Deliver Remcos RAT

Attackers use a sophisticated delivery mechanism for RAT deployment, a clever way to bypass defensive tools and rely on the ...
Cybernews

KongTuke’s CrashFix campaign uses fake Chrome adblocker to deploy ModeloRAT

A worker searching for an adblocker ended up installing malware instead after threat actor KongTuke pushed a fake Chrome ...
GitHub

Shell Sort Using PowerShell and Python

This project implements the Shell Sort algorithm using PowerShell and Python. Shell Sort is an in-place comparison sort which is a generalization of insertion sort that allows the exchange of items ...

Fake ad blocker extension crashes the browser for ClickFix attacks

A malvertising campaign is using a fake ad-blocking Chrome and Edge extension named NexShield that intentionally crashes the ...
Security Boulevard

Anthropic, Microsoft MCP Server Flaws Shine a Light on AI Security Risks

Researchers with Cyata and BlueRock uncovered vulnerabilities in MCP servers from Anthropic and Microsoft, feeding ongoing security worries about MCP and other agentic AI tools and their dual natures ...
The Hacker News

PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces

CERT-UA reports PLUGGYAPE malware attacks targeting Ukrainian defense forces via Signal and WhatsApp, using phishing links ...

鱼叉刺向关键基础设施——伊朗“泥水”组织全球钓鱼行动升级 ...

2025年12月初,以色列政府官网(gov.il)悄然上线一则安全通告,标题直指一个代号为“MuddyWater”(泥水)的网络威胁组织。尽管页面内容因Cloudflare验证机制未能完整抓取,但结合多方情报与历史攻击模式,网络安全界迅速达成共识:这是一次针对国家关键部门的高危预警。 通告虽简,却如警钟长鸣——MuddyWater正以更狡猾的鱼叉式钓鱼手段,瞄准政府机构、国防承包商、能源与电信等核 ...