Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.
The Hacker News

Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers

Python infostealers are spreading from Windows to macOS via Google Ads, ClickFix lures, and fake installers to steal credentials and financial data.

What's the Difference Between the 'Surface Web' and the 'Deep Web'?

Like the surface of the ocean, the surface web is just a fraction of the internet as a whole. Back in 2017, some estimates ...
Microsoft

Analysis of active exploitation of SolarWinds Web Help Desk

We are seeing exploitation of SolarWinds Web Help Desk via CVE‑2025‑40551 and CVE‑2025‑40536 that can lead to domain compromise; here is how to patch, hunt, and mitigate now.
CSO Online

Threat actors hijack web traffic after exploiting React2Shell vulnerability

Hijacking web traffic is an old tactic for threat actors. In fact David Shipley, head of Canadian security awareness training ...
The Hacker News

Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign

Active React2Shell exploitation uses malicious NGINX configurations to hijack web traffic, targeting Baota panels, Asian TLDs ...
Tech Xplore on MSN

How the web is learning to better protect itself

More than 35 years after the first website went online, the web has evolved from static pages to complex interactive systems, ...