Bad CAPTCHA in the wild tricks Mac users into installing malware through Terminal

Hackers have a new tool called ClickFix. The new attack vector combines fake human-verification prompts with malware, trying to trick users into running Terminal commands that bypass macOS security.
Dark Reading

VMware Aria Operations Bug Exploited, Cloud Resources at Risk

Exploitation of the command injection flaw in VMware Aria Operations could grant an attacker broad acess to victims' cloud ...
GitHub

Command Injection in Cloud Compliance Scanning in HummerRisk

Project: HummerRisk Repository: https://github.com/HummerRisk/HummerRisk Affected Version: <=1.5.0 Affected Component: Cloud compliance scanning module A critical ...
PC World

Microsoft Store goes zero-clutter—through the command line

PCWorld reports that Microsoft has introduced a command-line interface for the Microsoft Store, offering a text-based alternative to the traditional graphical interface. The CLI enables users to ...
Neowin

Microsoft introduces a new command-line interface for the Microsoft Store

Microsoft has introduced a dedicated Command-Line Interface (CLI) for the Microsoft Store, allowing anyone to manage apps directly via the terminal. Microsoft today announced a new command-line ...
Dark Reading

Critical Telnet Server Flaw Exposes Forgotten Attack Surface

Threat actors are exploiting a critical vulnerability that affects hundreds of thousands of telnet servers, bringing an often-neglected threat vector back into the limelight. One Monday, the US ...
The Verge

Winapp is Microsoft’s new command line utility for developers.

Microsoft is releasing Windows App Development CLI (winapp) in public preview today. The open-source utility is aimed at Windows app developers, to make it easier to work across multiple frameworks ...
Infosecurity-magazine.com

Prompt Injection Bugs Found in Official Anthropic Git MCP Server

Three security vulnerabilities in the official Git server for Anthropic's Model Context Protocol (MCP), mcp-server-git, have been identified by cybersecurity researchers. The flaws can be exploited ...
Bleeping Computer

Exploit code public for critical FortiSIEM command injection flaw

The vulnerability is tracked as CVE-2025-64155, and is a combination of two issues that permit arbitrary write with admin permissions and privilege escalation to root access. Researchers at ...
Bloomberg L.P.

Blackout Reveals Germany’s Infrastructure Vulnerabilities

Around 27,000 homes in Berlin are still without power for a fourth day after an arson attack produced the second major blackout since September. It’s taking contractors longer than usual to fix the ...
SiliconANGLE

Critical ‘LangGrinch’ vulnerability in langchain-core puts AI agent secrets at risk

A new report out today from artificial intelligence security startup Cyata Security Ltd. details a recently uncovered critical vulnerability on langchain-core, the foundational library behind ...