New DNS-based ClickFix attack tricks users into executing malicious commands, allowing malware to stage through nslookup and evade detection. This sophisticated technique blends into normal network traffic, highlighting the evolving threat of social engineering.

A hacker claims to have leaked 6.8 billion email addresses in a 150GB archive, with researchers verifying roughly 3 billion as usable. The dataset could fuel large-scale phishing and business email compromise attacks through highly targeted social engineering.

Augustus is a new open-source LLM vulnerability scanner capable of launching over 210 adversarial attacks against 28 AI providers. Built as a fast, portable Go binary, it enables production-ready red teaming to identify jailbreaks, prompt injections, and data leakage risks.

Hackers are exploiting Windows screensaver files to secretly install legitimate remote management tools, giving them persistent control over systems. This tactic blends malicious activity into normal network traffic, making detection and prevention much more difficult.

A new Windows malware called RenEngine loader is hiding inside pirated PC games, infecting over 400,000 devices worldwide. It secretly steals sensitive data from browsers, wallets, and system files while remaining undetected by most antivirus programs.

macOS users are now facing a rapidly expanding ecosystem of malware and infostealers targeting browser sessions, cloud tokens, and developer credentials. Threat actors are using social engineering, malicious ads, and legitimate tools to propagate these attacks across mixed environments.

Ransomware groups have exploited virtual machines with default hostnames to stealthily deliver malicious payloads, blending in with legitimate servers. This highlights the growing need for proactive monitoring and secure configuration of virtualized environments.

A critical vulnerability in the OpenClaw AI assistant allows attackers to execute malicious code on user systems via a single link, bypassing safety controls. This exploit highlights the risks of granting AI agents unrestricted system access without robust validation and monitoring.

Browser-based password managers can expose credentials if devices or cloud accounts are compromised, putting personal and business data at risk. Dedicated password management tools with master passwords and strong access controls provide stronger protection against modern cyber threats.

A Canadian electronics retailer disclosed a website breach exposing customer payment and personal data, sparking frustration over delayed and inconsistent communication. The incident highlights the risks in e-commerce checkout systems and the real consequences of weak breach transparency.

Marquis Software Solutions attributes a ransomware attack affecting U.S. banks to stolen firewall backup data from SonicWall’s cloud service. The incident highlights how breaches of trusted providers can cascade into major enterprise impacts.

A new malware campaign abuses fake CAPTCHA prompts and trusted Windows virtualization components to trick users into manually triggering infections. By blending social engineering with legitimate Microsoft infrastructure, attackers evade detection while deploying stealthy information-stealing malware.