New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns.
TechJuice

Security Alert: “AgreeTo” Outlook Add-In Hijacked to Steal 4,000+ Passwords

Security researchers uncover the first malicious Outlook add-in, hijacked to steal 4,000+ Microsoft credentials in new supply chain attack.
Security Boulevard

Outlook add-in goes rogue and steals 4,000 credentials and payment data

The once popular Outlook add-in AgreeTo was turned into a powerful phishing kit after the developer abandoned the project.

CAPTCHA or trap? Windows users tricked into installing malware on their PCs

StealC malware campaign exploits fake CAPTCHA pages to steal sensitive data while blending into normal system activity.

New Architecture, New Risks: One-Click to Pwn IDIS IP Cameras

Modern capabilities, such as cloud-powered management, analytics, and detection, have introduced a new architectural era to IP-based video surveillance, which remains a prominent safety feature across ...
Cyber Daily

Multi-million-dollar FIIG penalty a “clear warning to all financial organisations,” expert says

Cyber security is not an IT issue; it is a board-level governance obligation,” says Trend Micro’s Field CISO, ANZ, Andrew ...

Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into ...

Fake CAPTCHA Scam Tricks Windows Users Into Installing Malware

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more.
Independent RecordOpinion

HD 17 needs leader who will put community first | Susan Geise

I am excited and honored to announce that I am running as a Republican to represent Montana House District 17, writes Susan ...

Hochman, Goold give glimpses of St. Louis Cardinals spring training

St. Louis Cardinals beat writer Derrick Goold and sports columnist Benjamin Hochman are using TikTok to give people views of ...
The Hacker News

npm’s Update to Harden Their Supply Chain, and Points to Consider

First, people need to remember that the original attack on tools like ChalkJS was a successful MFA phishing attempt on npm’s ...

Pryce Sandfort returns to Iowa in crucial game for Nebraska basketball

Pryce Sandfort grew up in Waukee, Iowa and spent two years as a Hawkeye. Tuesday, he'll return to Carver-Hawkeye Arena for ...