The Hacker News

DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea

DPRK-linked actors use GitHub C2 and LNK phishing in South Korea, enabling persistent PowerShell control and data ...

How I set up Claude Code in iTerm2 to launch all my AI coding projects in one click

Managing multiple Claude Code projects doesn't have to be chaotic. My iTerm2 setup dramatically reduces friction in my daily ...
VnExpress International on MSN

How a self-taught Vietnamese high schooler built the malware that infected 94,000 computers worldwide

International cybersecurity firms had been tracking a sophisticated malware strain called PXA Stealers for months, tracing it ...
Security Boulevard

That “job brief” on Google Forms could infect your device

Instead of the usual phishing email or fake download page, attackers are using Google Forms to kick off the infection chain. The attack typically begins when a victim downloads a business-themed ZIP ...
How-To Geek on MSN

Fed up with the Spotify Linux app? This custom widget is the fix

Use Playerctl, Python, and Conky timer to create a 'now playing' Spotify desktop widget.
Security Boulevard

Fake Temu Coin airdrop uses ClickFix trick to install stealthy malware

A fake $TEMU crypto airdrop uses the ClickFix trick to make victims run malware themselves and quietly installs a remote-access backdoor.
GitHub

disable_uac_remote_restriction.yml

description: The following analytic detects the modification of the registry to disable UAC remote restriction by setting the "LocalAccountTokenFilterPolicy" value to "0x00000001". It leverages data ...
GitHub

windows_iis_components_add_new_module.yml

description: The following analytic detects the execution of AppCmd.exe to install a new module in IIS. This detection leverages data from Endpoint Detection and Response (EDR) agents, focusing on ...