News

The Register on MSN18h

Shell to pay: Crims invade your PC with CastleRAT malware, now in C and Python

Pro tip, don't install PowerShell commands without approval A team of data thieves has doubled down by developing its ...
The Hacker News21h

CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation

"The upshot of CVE-2025-53690 is that an enterprising threat actor somewhere has apparently been using a static ASP.NET ...
Decrypt1d

'CopyPasta' Attack Shows How Prompt Injections Could Infect AI at Scale

AI coding tools can be tricked by fake license files to spread malicious code, security firm HiddenLayer warns.

Hackers exploited Sitecore zero-day flaw to deploy backdoors

Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance ...
Decrypt1d

Hackers Using Ethereum Smart Contracts to Deliver Malware: Report

Ethereum smart contracts are being used to download malware via poisoned NPM packages, something Binance has linked to DPRK ...