Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.
The Hacker News

Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign

Active React2Shell exploitation uses malicious NGINX configurations to hijack web traffic, targeting Baota panels, Asian TLDs ...

Hackers compromise NGINX servers to redirect user traffic

A threat actor is compromising NGINX servers in a campaign that hijacks user traffic and reroutes it through the attacker's ...

New Amaranth Dragon cyberespionage group exploits WinRAR flaw

A new threat actor called Amaranth Dragon, linked to APT41 state-sponsored Chinese operations, exploited the CVE-2025-8088 ...
The Hacker News

Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

Active attacks exploit Metro4Shell (CVE-2025-11953) in React Native CLI to execute commands and deploy Rust malware.

I hacked my own computer using OpenClaw and it was terrifyingly easy

Agentic AI tools like OpenClaw promise powerful automation, but a single email was enough to hijack my dangerously obedient ...
GitHub

Cloudflare ACME Challenge WAF Bypass Scanner

├── scanner.py # Entry point (CLI) ├── core/ │ ├── scanner.py # CloudflareScanner class │ ├── oast.py # OAST client & server │ ├── poc_generator.py # Auto POC generation │ └── llm_analyzer.py # AI ...
IEEE

Good News for Script Kiddies? Evaluating Large Language Models for Automated Exploit Generation

Abstract: Large Language Models (LLMs) have demonstrated remarkable capabilities in code-related tasks, raising concerns about their potential for automated exploit generation (AEG). This paper ...
nation

Outrage, promises then business as usual: Nairobi’s familiar script after building disasters

Every time a building collapses in Nairobi, the sequence is grimly familiar. There is outrage, official visits to the rubble, pledges of investigations and suspensions announced with urgency. Then, ...