Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.
GIGAZINE

Anthropic's 'Cowork' vulnerable to indirect prompt injection file exfiltration attack

Cowork, an AI agent released by Anthropic to assist with daily tasks, has been found to have a vulnerability that allows it to read and execute malicious prompts from files uploaded by users.
WinBuzzer

Microsoft Patches High-Severity Notepad Remote Code Execution Flaw

Microsoft has patched the Windows Notepad remote code execution vulnerability CVE-2026-20841, warning users to install ...