Two arbitrary code execution vulnerabilities in Notepad++ let local attackers run commands of their choice on Windows machines by tampering with the editor’s XML configuration files, with both flaws rated High at CVSS 7.8. The flaws, tracked as CVE-2026-48778 and CVE-2026-48800, affect every version of the editor up to and including 8.9.6, Notepad++ said in…
Tag: commands
AI, Global Security News
New ClickFix attack Hides in Native Windows Tools to Reduce Detection Risk
Fake CAPTCHA ClickFix attack tricks users into running malicious commands, using cmdkey and regsvr32 to maintain persistence and avoid detection on Windows
AI, Exploits, Global Security News
PHP Composer flaws enable remote command execution via Perforce VCS
Two high-severity flaws in PHP Composer could let attackers run arbitrary commands via malicious repository configs and crafted inputs affecting Perforce VCS. Two high-severity vulnerabilities in PHP Composer could allow attackers to execute arbitrary commands. PHP Composer is a dependency manager for PHP that helps developers install and manage libraries their projects need. By defining…
Global Security News, malware
New ClickFix Scam Tricks Users Into Mapping Hacker-Controlled Drives
A new ClickFix scam tricks Windows users into running hidden commands that map hacker-controlled drives and load malware…
AI, Global Security News
New font-rendering trick hides malicious commands from AI tools
A new font-rendering attack causes AI assistants to miss malicious commands shown on webpages by hiding them in seemingly harmless HTML. […]
AI, Global Security News, Risk Management
Hidden instructions in README files can make AI agents leak data
Developers rely on AI coding agents to set up projects, install dependencies, and run commands by following instructions in repository README files, which provide setup guidance for software projects. New research identifies a security risk when attackers hide malicious instructions in those documents. A semantic injection attack, where injections are embedded in an installation file,…
AI, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
Fake Claude Code Install Pages Spread Infostealer Malware
Threat actors are exploiting a common developer habit — copying installation commands directly from websites — to distribute malware through fake software installation pages. Security researchers at Push Security recently uncovered a campaign targeting users of Anthropic’s Claude Code, a popular command-line AI coding assistant. The attackers are using cloned websites and malicious search advertisements…
AI, Endpoint, Global Security News
Open-source tool Sage puts a security layer between AI agents and the OS
Autonomous AI agents running on developer workstations execute shell commands, fetch URLs, and write files with little or no inspection of what they are doing. Open-source project Sage inserts an interception layer between an AI agent and those operations, checking each action before it proceeds. The project applies the term Agent Detection & Response (ADR)…
AI, Global Security News
New Aeternum C2 Botnet Evades Takedowns via Polygon Blockchain
Qrator Research Lab has identified Aeternum C2, a botnet that uses the Polygon blockchain for commands, making it nearly impossible to shut down.
Global Security News
Best internet (low ping) for gaming in Michigan – 2026 provider rankings & real ping
GUEST OPINION: Winning a tight firefight comes down to milliseconds. If your commands reach the server before your rival’s, you live to brag; if they don’t, you watch the kill-cam.
AI, Global Security News, malware, Network Security
Microsoft alerts on DNS-based ClickFix variant delivering malware via nslookup
Microsoft warns of a new ClickFix variant that tricks users into running DNS commands to fetch malware via nslookup. Microsoft has revealed a new ClickFix variant that deceives users into running a malicious nslookup command through the Windows Run dialog to retrieve a second-stage payload via DNS. ClickFix typically uses fake CAPTCHA or error messages…