Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
The Hacker News

ThreatsDay Bulletin: OpenSSL RCE, Foxit 0-Days, Copilot Leak, AI Password Flaws & 20+ Stories

ThreatsDay Bulletin tracks active exploits, phishing waves, AI risks, major flaws, and cybercrime crackdowns shaping this ...

Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into ...
IEEE

DualGuard: Obfuscated Federated Learning With Two-Party Secure Robust Aggregation

Abstract: Federated learning (FL) is a promising privacy-preserving distributed machine learning paradigm. However, data privacy leakage and Byzantine clients are common challenges in the FL ...
IEEE

Cortex: A Heterogeneous Graph Transformer Framework for Detecting Obfuscated Webshells

Abstract: Static webshell detection is increasingly challenged by sophisticated code obfuscation techniques that degrade the performance of existing models. To address this, we propose Cortex, a novel ...
The Hacker News

DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files

Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEAD#VAX that employs a mix of "disciplined tradecraft and clever abuse of legitimate system features" to bypass ...