Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with running a seemingly benign GitHub repository could execute a malicious payload that is ...
winbuzzer.com

Linux 7.2 Removes String-Copying Function Strncpy After Six-Year Cleanup

Linux kernel maintainers released a June 20 Linux 7.2 merge that removes the legacy C string-copy function strncpy from kernel code. Kernel-side is the key scope: strncpy remains part of user-space C ...
The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
Morning Overview on MSN

The fake-CAPTCHA trick spreading now asks you to paste a command that installs malware

The Federal Trade Commission issued a consumer alert in June 2026 warning that a new breed of fake CAPTCHA pop-ups is ...
pentestpartners.com

ClickFix, CrashFix and the growing family of copy and paste attacks

At the start of this year, I wrote a blog on how 2025 was the ‘year of the infostealer’, and it doesn’t look like that is going to change anytime soon. We’re now into June and the ‘fix’ attacks have ...
InfoQ

Are We Ready for the Next Cyber Security Crisis Like Log4shell?

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Birgitta Böckeler, Distinguished Engineer at ...
Security Boulevard

Hacked sites deliver Vidar infostealer to Windows users

In recent years, ClickFix and fake CAPTCHA techniques have become a popular way for cybercriminals to distribute malware. Instead of exploiting a technical vulnerability, these attacks rely on ...
CSOonline

ClickFix attackers using new tactic to evade detection, says Microsoft

Unwitting victims are now being tricked into installing malware via Windows Terminal, but some experts say this is old news. Regardless, they agree that infosec leaders need to educate employees about ...
The Hacker News

Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware

A suspected Iran-nexus threat actor has been attributed to a campaign targeting government officials in Iraq by impersonating the country's Ministry of Foreign Affairs to deliver a set of never-before ...
Ubuntu

Introduction To Bash Scripting [29 Topics]

If you are taking the first step in learning Bash scripting, then you have come to the right place. This introduction to Bash scripting guide is created with a bunch of different topics that will make ...
Dark Reading

ClickFix Attacks Abuses DNS Lookup Command to Deliver ModeloRAT

ClickFix attacks have evolved to meet the latest defense measures by using a new command to circumvent security and make people infect their own devices with malware — in this case, a remote access ...
JD Supra

What is OpenClaw, and Why Should You Care?

Over 100,000 people just gave an AI assistant root access to their computers.[1] That assistant can now talk to other AI assistants on a social network humans cannot post to.[2] Security researchers ...