New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns.
The Hacker News

Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging

Microsoft details a new ClickFix variant abusing DNS nslookup commands to stage malware, enabling stealthy payload delivery and RAT deployment.
GitHub

patangation/roblox-script-exporter

A powerful Lua script that exports all scripts from Roblox place files (.rbxl) into organized directory structures, making it easy to version control, review, and manage your Roblox game code.
CIO

The agent control plane: Architecting guardrails for a new digital workforce

AI agents are powerful, but without a strong control plane and hard guardrails, they’re just one bad decision away from chaos.

LummaStealer infections surge after CastleLoader malware campaigns

A surge in LummaStealer infections has been observed, driven by social engineering campaigns leveraging the ClickFix technique to deliver the CastleLoader malware.
The Hacker News

APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities

Pakistan-aligned APT36 and SideCopy target Indian defense and government entities using phishing-delivered RAT malware across Windows and Linux system ...
How-To Geek on MSN

The secret Python switch: How one flag makes your scripts run faster

Python -O won’t magically make every script faster, but in the right workloads it’s a free win—here’s how to test it safely.
HealthcareInfoSecurity

AI-Generated Malware Exploits React2Shell for Tiny Profit

Security researchers detected artificial intelligence-generated malware exploiting the React2Shell vulnerability, allowing ...