Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.

Chrome Add-On Caught Stealing Amazon Commissions

A Chrome extension posing as an Amazon ad blocker was caught hijacking affiliate links in the background, redirecting ...

New GlassWorm attack targets macOS via compromised OpenVSX extensions

A new GlassWorm malware attack through compromised OpenVSX extensions focuses on stealing passwords, crypto-wallet data, and developer credentials and configurations from macOS systems.
WinBuzzer

Chrome Extensions Caught Stealing Amazon Affiliate Revenue and ChatGPT Tokens

Security researchers have discovered 29 malicious Chrome extensions disguised as ad blockers that hijack Amazon affiliate links and steal ChatGPT tokens from users.