Termite ransomware breaches linked to ClickFix CastleRAT attacks

Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor.
SecurityWeek

Cloned AI Tool Sites Distribute Malware in ‘InstallFix’ Campaign

A newly discovered InstallFix campaign relies on malicious commands on cloned installation webpages to trick victims into installing malware.
SecurityWeek

ClickFix Attack Uses Windows Terminal to Evade Detection

A new ClickFix attack variant uses fake CAPTCHA pages instructing victims to paste and execute malicious commands in Windows Terminal.

Fake Claude Code Spreads Malware to Windows, macOS Users

Attackers are using fake Claude Code install pages and malicious search ads to spread infostealer malware targeting Windows and macOS systems.
Microsoft

Contagious Interview: Malware delivered through fake developer job interviews

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...
GitHub

Fox-Fig/slipstream-rust-plus-deploy

Advanced deployment automation for Slipstream Rust Plus. A comprehensive automation script for deploying and managing high-performance DNS tunnel servers on Linux and Android systems. This script ...