Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.
Fabbaloo

Malware Campaigns Targets 3D Model Sites via Blender

It turns out that some participants post .blend files, which are used by the popular Blender open-source 3D modeling system.
Hosted on MSN

Ray clusters hijacked and turned into crypto miners by shadowy new botnet

Ray clusters remain vulnerable to remote code execution via unauthenticated Jobs API Threat group “IronErn440” exploits flaw with AI-generated payloads, deploying XMRig cryptojacker Over 230,000 Ray ...
Bleeping Computer

From infostealer to full RAT: dissecting the PureRAT attack chain

An investigation into what appeared at first glance to be a “standard” Python-based infostealer campaign took an interesting turn when it was discovered to culminate in the deployment of a ...
CSOonline

Cryptojacking attack on cloud workloads uses fileless Python malware

With increased deployment of security solutions on cloud infrastructure, hackers have started adopting detection evasion tactics from Windows desktop computers to cloud environments. One such tactic ...

New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns.