The Hacker News

Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials

Storm-2561 spreads fake VPN installers via SEO poisoning and GitHub downloads, stealing enterprise VPN credentials with Hyrax malware.
SecurityWeek

ClickFix Attack Uses Windows Terminal to Evade Detection

A new ClickFix attack variant uses fake CAPTCHA pages instructing victims to paste and execute malicious commands in Windows Terminal.
CSO Online

12 ways attackers abuse cloud services to hack your enterprise

As enterprises increasing depend on cloud services, living off the land has evolved into living off the cloud.
The Hacker News

âš¡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

Your weekly cybersecurity roundup covering the latest threats, exploits, vulnerabilities, and security news you need to know.

Fake Claude Code Spreads Malware to Windows, macOS Users

Attackers are using fake Claude Code install pages and malicious search ads to spread infostealer malware targeting Windows and macOS systems.

Bad CAPTCHA in the wild tricks Mac users into installing malware through Terminal

Hackers have a new tool called ClickFix. The new attack vector combines fake human-verification prompts with malware, trying to trick users into running Terminal commands that bypass macOS security.

This Scam Impersonates the Official Claude Code Website to Spread Malware

InstallFix delivers an infostealer to your device.
Bleeping Computer

New KadNap botnet hijacks ASUS routers to fuel cybercrime proxy network

A newly discovered botnet malware called KadNap is targeting ASUS routers and other edge networking devices to turn them into proxies for malicious traffic. Since August 2025, KadNap has grown to ...
PCMag on MSN

US Helps Shut Down Proxy Service Used to Hack Thousands of Routers

SocksEscort sold proxy services on the open web, but was actually routing traffic through compromised routers and internet-connected devices.