Bleeping Computer

Malicious NuGet packages drop disruptive 'time bombs'

Several malicious packages on NuGet have sabotage payloads scheduled to activate in 2027 and 2028, targeting database implementations and Siemens S7 industrial control devices. The embedded malicious ...
Microsoft

ClickFix campaign uses fake macOS utilities lures to deliver infostealers

Threat actors are targeting macOS users with fake utility fixes that trick them into running malicious Terminal commands.
Dark Reading

Malicious Chimera Turns Larcenous on Python Package Index

A malicious package recently uploaded to the Python Package Index (PyPI) is the latest manifestation of the growing sophistication of software supply chain threats. Security researchers at JFrog ...
CSOonline

CrashFix attack hijacks browser failures to deliver ModelRAT malware via fake Chrome extension

A malicious extension impersonating an ad blocker forces repeated browser crashes before pushing victims to run attacker‑supplied commands, ultimately deploying a new Python‑based RAT. Security ...
Bleeping Computer

We Smell a (DC)Rat: Revealing a Sophisticated Malware Delivery Chain

The Acronis Threat Research Unit (TRU) was presented with an interesting threat chain and malware sample for analysis that involved a known cyberthreat along with some interesting twists in targeting ...