latesthackingnews.com

Reverse Shell Explained: Setup, Attack Chain, and Detection

A reverse shell makes the target machine initiate the connection back to the attacker, bypassing firewalls that only filter ...
Bleeping Computer

Microsoft fixes AutoGen Studio flaw that enabled code execution

A vulnerability chain dubbed AutoJack in Microsoft’s AutoGen Studio interface for prototyping AI agents could let attackers manipulate an agent into executing arbitrary commands on its host system ...
GIGAZINE

I tried out 'a-Shell,' a free terminal app that runs on iPhones and iPads. It can execute CLI tools like Python and yt-dlp, and also supports shortcut integration.

' a-Shell ' is a free app that allows you to use a Unix-like terminal environment on your iPhone or iPad. I installed it and tried it out to see how you can actually use a terminal on a smartphone or ...
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

7,000 Langflow servers are under attack. LangGraph and LangChain have the same holes

Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your ...

Kestra: Ops automation beyond CI/CD

CI/CD pipelines are optimized for code deployments. Long-running operational processes and self-service workflows can be ...
Pen Test Partners

ClickFix, CrashFix and the growing family of copy and paste attacks

TL;DR Introduction At the start of this year, I wrote a blog on how 2025 was the ‘year of the infostealer’, and it doesn’t ...
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...
Tech Times

D-Link Routers Hijacked by AryStinger Botnet: Over 4,300 Devices Now Scanning for Future Targets

D-Link router botnet AryStinger has compromised over 4,300 end-of-life DIR-850L and DIR-818LW devices, Qianxin XLab reported ...
The Hacker News

Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline

Cato Networks tracked Poisson using OpenSSH and Tailscale to maintain access after Havoc C2 outage in a 33-day intrusion.

Dev Configs for Windows: From fresh install to IDE in one command

With Microsoft's new Dev Configs, a Windows installation becomes a ready-to-use developer workstation with a single command – including WSL and Ubuntu.
The Hacker News

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Proofpoint says UNK_DeadDrop sent 250+ phishing emails to nearly 100 firms, using GitHub and VS Code lures to steal ...