Termite ransomware breaches linked to ClickFix CastleRAT attacks

Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor.
PCMag

Wikipedia Forced to Lock Down Edits Over JavaScript That Could Delete Pages

The nonprofit that oversees Wikipedia briefly enforced a 'read-only' mode on Thursday morning as users spotted code designed to delete articles and place Russian text in the edit summary.
Cybernews

AI agents are too easy to fool, with websites now littered with hidden “system override” commands

Researchers at Unit 42, a security arm of Palo Alto Networks, have documented real-world attacks, and they’re as dumb as it gets. Hidden text on websites simply asks AI to “ignore previous ...

Until last month, attackers could've stolen info from Perplexity Comet users just by sending a calendar invite

If you wanted to steal local files from someone using Perplexity's Comet browser, until last month you could just schedule ...
Biometric Companies

Fraud, evolved: Ingenium spotlights biometric injection attacks and IAD assurance

Biometric injection attacks are emerging as the key vulnerability in biometric remote identity verification and user authentication systems, making assurance that protections against them are ...
ZDNet

ChatGPT's new Lockdown Mode can stop prompt injection - here's how it works

Hackers use prompt injection to steal the private data you use in AI. ChatGPT's new Lockdown Mode aims to prevent these attacks. Elevated Risk labels warn you of AI tools and content that could be ...
IEEE

Attack Detection of Cyber-Physical Systems With Two-Channel False Data Injection Attacks

Abstract: This paper addresses the attack detection problem for cyber-physical systems subject to false data injection attacks. A novel detection framework is developed for cyber-physical systems ...
Bleeping Computer

Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into executing malicious JavaScript in their browser, allowing attackers to ...
TMCnet

iProov Dynamic Liveness Is the First and Only Solution to Achieve CEN/TS 18099 High and Ingenium Level 4 for Injection Attack Detection

iProov, the world's leading provider of science-based biometric identity verification solutions, today announced that its Dynamic Liveness technology is the first and only solution to successfully ...
winbuzzer.com

Microsoft Patches High-Severity Notepad Remote Code Execution Flaw

Microsoft patched a high-severity command injection vulnerability in Windows Notepad through its February 2026 Patch Tuesday updates that allows attackers to execute malicious code remotely via ...
Newsday

Terrell Campbell, 29, of Brooklyn, charged in Elmont acid attack on Nafiah Ikram

A Brooklyn man has been indicted in the attack of an Elmont college student who was splashed in the face with sulfuric acid in her driveway as she returned home from work almost five years ago, ...