Your weekly cybersecurity roundup covering the latest threats, exploits, vulnerabilities, and security news you need to know.

A new ClickFix attack variant uses fake CAPTCHA pages instructing victims to paste and execute malicious commands in Windows Terminal.

Attackers are using fake Claude Code install pages and malicious search ads to spread infostealer malware targeting Windows and macOS systems.

Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor.

InstallFix delivers an infostealer to your device.

Hackers have a new tool called ClickFix. The new attack vector combines fake human-verification prompts with malware, trying to trick users into running Terminal commands that bypass macOS security.

Unwitting victims are now being tricked into installing malware via Windows Terminal, but some experts say this is old news.

A newly discovered botnet malware called KadNap is targeting ASUS routers and other edge networking devices to turn them into proxies for malicious traffic. Since August 2025, KadNap has grown to ...

Researchers say they have uncovered a takedown-resistant botnet of 14,000 routers and other network devices—primarily made by Asus—that have been conscripted into a proxy network that anonymously ...