The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.

New ClickFix attacks abuse Windows App-V scripts to push malware

A new malicious campaign mixes the ClickFix method with fake CAPTCHA and a signed Microsoft Application Virtualization (App-V ...

New sandbox escape flaw exposes n8n instances to RCE attacks

Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host.
The Hacker News

ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services

ClickFix uses fake CAPTCHAs and a signed Microsoft App-V script to deploy Amatera stealer on enterprise Windows systems.

The viral AI agent Moltbot is a security mess - 5 red flags you shouldn't ignore (before it's too late)

The viral AI agent Moltbot is a security mess - 5 red flags you shouldn't ignore (before it's too late) ...
Infosecurity Magazine

Emojis in PureRAT’s Code Point to AI-Generated Malware Campaign

Researchers discover that PureRAT’s code now contains emojis – indicating it has been written by AI based-on comments ripped ...