New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns.
The Hacker News

New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released

Google fixes actively exploited Chrome zero-day CVE-2026-2441, a high-severity CSS use-after-free flaw enabling sandboxed remote code execution.
WinBuzzer

Fake 7-Zip Downloads Turn Home PCs Into Malicious Proxy Nodes

Researchers have uncovered a malware campaign targeting 7-Zip users through fake domain 7zip.com, turning infected computers ...
WinBuzzer

GitHub Tool Turns Files Into Video using YouTube as Storage

A GitHub project has enabled encoding files as lossless video for YouTube storage, gaining 367 stars despite Terms of Service violations and account termination risk.