Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into ...
The Hacker News

Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware

Notepad++ 8.9.2 fixes update hijack exploited to deliver malware, patches RCE flaw, and hardens WinGUp security.
CNET

Your Bluetooth Audio Devices Could Be at Risk of Hijacking, Researchers Say

Researchers working at KU Leuven University in Belgium are warning people who use Bluetooth audio products that their devices may be at risk due to vulnerabilities in Google's Fast Pair technology, a ...

New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns.
AOL

After an 86-year-old’s landline went silent, thieves stole $25K. The hijacked phone number scam is fueling a $4.5B crisis, but 1 move can stop it cold

When Joanne's landline went silent after returning home from the hospital, she assumed it was a simple technical problem. But within weeks, $25,000 disappeared from the 86-year-old’s Wells Fargo ...

Sports books bet big on transforming our society. This year, they’ll make losers of us all

All in, after Super Bowl LX and the Winter Olympics, 2026 is primed to be a milestone year for the sports books, granting ...
Hosted on MSN

Russia is hijacking Starlink to send its killer drones even farther

Russia’s war in Ukraine has entered a new phase in which cheap, expendable drones are guided by commercial satellites instead of vulnerable radio links. By wiring Starlink terminals onto “kamikaze” ...

Critical React Native Metro dev server bug under attack as researchers scream into the void

Too slow react-ion time Baddies are exploiting a critical bug in React Native's Metro development server to deliver malware ...
Opinion

OpenClaw patches one-click RCE as security Whac-A-Mole continues

Researchers disclose rapid exploit chain that let attackers run code via a single malicious web page Security issues continue to pervade the OpenClaw ecosystem, formerly known as ClawdBot then Moltbot ...
The Hacker News

Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging

Microsoft details a new ClickFix variant abusing DNS nslookup commands to stage malware, enabling stealthy payload delivery and RAT deployment.

‘Dead’ Outlook add-in hijacked to phish 4,000 Microsoft Office Store users

A hacker noticed the change in its status and hijacked the dead add-in and its 4.71-star rating to conduct a phishing campaign that the company which uncovered the attack, plug-in security company Koi ...