Claude Cowork Sandbox Flaw Lets Attackers Execute Commands as Root in Hyper-V VM

A newly disclosed sandbox escape technique in Anthropic’s Claude Cowork for Windows illustrates how attackers can achieve root-level command execution inside a Hyper-V–isolated Ubuntu virtual machine (VM) by exploiting design vulnerabilities in CoworkVMService and its Remote Procedure Call (RPC) interface.…

SharkLoader Malware Uses Perfect DLL Hijacking to Execute Cobalt Strike in Memory

SharkLoader is used by an intrusion cluster tracked as StrikeShark to deliver Cobalt Strike Beacon entirely in memory across a wide international footprint. The campaign combines opportunistic exploitation of exposed internet-facing infrastructure with custom droppers disguised as trusted installers to establish…

Google Disrupts NetNut Residential Proxy Botnet Used for Malware C2 and Password Spray Attacks

Google has disrupted the NetNut residential proxy botnet, a large-scale infrastructure widely exploited for malware command-and-control (C2) operations and password spray attacks. This coordinated effort involved the FBI, Lumen, and various industry partners. It was announced by Google’s Threat Intelligence…

Hackers Compromise GitHub Maintainer Accounts to Publish PolinRider-Infected Package Versions

A widescale escalation in the PolinRider supply‑chain campaign: threat actors have compromised GitHub maintainer accounts to publish infected package versions across multiple ecosystems. The investigation identified 162 malicious release artifacts across 108 unique packages and extensions in npm, Packagist, Go…