ClickFix to CrashFix: KongTuke Used Fake Chrome Ad Blocker to Install ModeloRAT
Malicious Chrome Extension Crashes Browser in ClickFix Variant ‘CrashFix’
Posing as an ad blocker, the malicious extension crashes the browser to lure victims into installing malware.
The post Malicious Chrome Extension Crashes Browser in ClickFix Variant ‘CrashFix’ appeared first on SecurityWeek.
Harrissa Roasted Vegetables with Bean Puree and Baharat Walnut Crumble
Creamy harissa spiced bean puree topped with harissa roasted vegetables and a crunchy, baharat walnut crumble. Protein (24g) and Fiber (18g) rich easy meal that feels super fancy! Gluten free, Soy free, Option for nut free.

This harissa bean puree dish has an amazing texture and flavor! It’s creamy from the bean mixture, crispy from the veggies, with extra crunch from the walnuts and optional fresh vegetables.
It’s also full of protein and fiber. There are four sources of protein: white beans, chickpeas, nutritional yeast, and walnuts. And you get lots of fiber from the veggies, beans, and nuts.

If you’re not familiar with harissa, it’s a North African chili paste that has a smoky-sweet-spicy flavor that’s delicious with beans and veggies. It can come in various heat levels, so choose based on your heat preference.
Baharat is a Middle Eastern spice blend with flavors from allspice, cardamom, cloves, cumin, and more! We are using that to season some crunchy walnuts. It’s delicious paired with the harissa bean puree in this dish!

You can pair these components in various ways. For a gluten-free meal, spread some harissa bean puree on a plate, top it with roasted veggies, walnut crumble, and fresh crunchy veggies. Or, you can make a wrap.
This recipe works any way you want, so definitely try it. You can use whatever vegetables you like and adjust the flavor to be more or less spicy. Harissa comes in various spice levels, from mild to hot. Use mild if you prefer, or go hotter if you like. Adjust the amount based on your taste, as well.
While you are here, do check out this amazing video of 10 breakfast ideas with just 1 lentil batter on my YouTube.

Why You’ll Love Harissa Roasted Vegetable Bowls
- high protein, high fiber
- creamy, savory harissa bean puree
- tender-crisp harissa roasted vegetables
- crunchy baharat walnut topping that can be made nut-free
- versatile! Serve as bowls or wraps or any which way you like!
- naturally gluten-free and soy-free recipe
More Ways to Use Harissa
The post Harrissa Roasted Vegetables with Bean Puree and Baharat Walnut Crumble appeared first on Vegan Richa.
Fake Employee Reports Spread Guloader and Remcos RAT Malware
Discord Controlled NodeCordRAT Steals Chrome Data via NPM Packages
Sophisticated ClickFix Campaign Targeting Hospitality Sector
Fake Booking reservation cancellations and fake BSODs trick victims into executing malicious code leading to RAT infections.
The post Sophisticated ClickFix Campaign Targeting Hospitality Sector appeared first on SecurityWeek.
From cheats to exploits: Webrat spreading via GitHub
In early 2025, security researchers uncovered a new malware family named Webrat. Initially, the Trojan targeted regular users by disguising itself as cheats for popular games like Rust, Counter-Strike, and Roblox, or as cracked software. In September, the attackers decided to widen their net: alongside gamers and users of pirated software, they are now targeting inexperienced professionals and students in the information security field.
Distribution and the malicious sample
In October, we uncovered a campaign that had been distributing Webrat via GitHub repositories since at least September. To lure in victims, the attackers leveraged vulnerabilities frequently mentioned in security advisories and industry news. Specifically, they disguised their malware as exploits for the following vulnerabilities with high CVSSv3 scores:
| CVE | CVSSv3 |
| --- | --- |
| CVE-2025-59295 | 8.8 |
| CVE-2025-10294 | 9.8 |
| CVE-2025-59230 | 7.8 |
This is not the first time threat actors have tried to lure security researchers with exploits. Last year, they similarly took advantage of the high-profile RegreSSHion vulnerability, which lacked a working PoC at the time.
In the Webrat campaign, the attackers bait their traps with both vulnerabilities lacking a working exploit and those which already have one. To build trust, they carefully prepared the repositories, incorporating detailed vulnerability information into the descriptions. The information is presented in the form of structured sections, which include:
- Overview with general information about the vulnerability and its potential consequences
- Specifications of systems susceptible to the exploit
- Guide for downloading and installing the exploit
- Guide for using the exploit
- Steps to mitigate the risks associated with the vulnerability
In all the repositories we investigated, the descriptions share a similar structure, characteristic of AI-generated vulnerability reports, and offer nearly identical risk mitigation advice, with only minor variations in wording. This strongly suggests that the text was machine-generated.
The Download Exploit ZIP link in the Download & Install section leads to a password-protected archive hosted in the same repository. The password is hidden within the name of a file inside the archive.
The archive downloaded from the repository includes four files:
- pass – 8511: an empty file, whose name contains the password for the archive.
- payload.dll: a decoy, which is a corrupted PE file. It contains no useful information and performs no actions, serving only to divert attention from the primary malicious file.
- rasmanesc.exe (note: file names may vary): the primary malicious file (MD5 61b1fc6ab327e6d3ff5fd3e82b430315), which performs the following actions:
  - Escalate its privileges to the administrator level (T1134.002).
  - Disable Windows Defender (T1562.001) to avoid detection.
  - Fetch from a hardcoded URL (ezc5510min.temp[.]swtest[.]ru in our example) a sample of the Webrat family and execute it (T1608.001).
- start_exp.bat: a file containing a single command: start rasmanesc.exe, which further increases the likelihood of the user executing the primary malicious file.
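A static triage check for the archive layout described above, as an added example that is not part of the original report. The regexes, function names and the in-memory sample are assumptions constructed for illustration; the heuristics are not vendor signatures, and the check only reads ZIP metadata and script text without extracting or running anything.

```python
import io
import re
import zipfile

# Heuristics assumed from the layout in the report (not vendor signatures).
PASS_NAME = re.compile(r"^pass\W+\d+$", re.IGNORECASE)
BAT_START = re.compile(rb"^\s*start\s+(\S+\.exe)\s*$", re.IGNORECASE | re.MULTILINE)

def triage_archive(data: bytes) -> list[str]:
    """Return findings for a ZIP without extracting or executing anything."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = [i for i in zf.infolist() if not i.is_dir()]
        names = {i.filename.rsplit("/", 1)[-1].lower(): i for i in infos}
        # Bit 0 of the general-purpose flags marks an encrypted entry;
        # entry names stay readable even when the content is encrypted.
        if any(i.flag_bits & 0x1 for i in infos):
            findings.append("encrypted entries (content hidden from scanners)")
        for base, info in names.items():
            if info.file_size == 0 and PASS_NAME.match(base):
                findings.append(f"empty file carrying a password in its name: {base!r}")
        exes = {n for n in names if n.endswith(".exe")}
        for base, info in names.items():
            if not base.endswith((".bat", ".cmd")):
                continue
            if info.flag_bits & 0x1:
                if exes:
                    findings.append(f"encrypted script {base!r} shipped next to {sorted(exes)}")
                continue
            for m in BAT_START.finditer(zf.read(info)):
                target = m.group(1).decode(errors="replace").lower()
                if target in exes:
                    findings.append(f"{base!r} launches bundled executable {target!r}")
    return findings

def build_sample() -> bytes:
    """Constructed, harmless sample that mimics only the file layout."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("pass - 0000", b"")                   # constructed password marker
        zf.writestr("payload.dll", b"not a real PE")      # placeholder decoy bytes
        zf.writestr("tool.exe", b"placeholder")           # hypothetical name
        zf.writestr("start_exp.bat", b"start tool.exe\r\n")
    return buf.getvalue()

if __name__ == "__main__":
    for finding in triage_archive(build_sample()):
        print(finding)
```
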
Webrat is a backdoor that allows the attackers to control the infected system. Furthermore, it can steal data from cryptocurrency wallets, Telegram, Discord and Steam accounts, while also performing spyware functions such as screen recording, surveillance via a webcam and microphone, and keylogging. The version of Webrat discovered in this campaign is no different from those documented previously.
Campaign objectives
Previously, Webrat spread alongside game cheats, software cracks, and patches for legitimate applications. In this campaign, however, the Trojan disguises itself as exploits and PoCs. This suggests that the threat actor is attempting to infect information security specialists and other users interested in this topic. It bears mentioning that any competent security professional analyzes exploits and other malware within a controlled, isolated environment, which has no access to sensitive data, physical webcams, or microphones. Furthermore, an experienced researcher would easily recognize Webrat, as it’s well-documented and the current version is no different from previous ones. Therefore, we believe the bait is aimed at students and inexperienced security professionals.
Conclusion
The threat actor behind Webrat is now disguising the backdoor not only as game cheats and cracked software, but also as exploits and PoCs. This indicates they are targeting researchers who frequently rely on open sources to find and analyze code related to new vulnerabilities.
However, Webrat itself has not changed significantly from past campaigns. These attacks clearly target users who would run the “exploit” directly on their machines — bypassing basic safety protocols. This serves as a reminder that cybersecurity professionals, especially inexperienced researchers and students, must remain vigilant when handling exploits and any potentially malicious files. To prevent potential damage to work and personal devices containing sensitive information, we recommend analyzing these exploits and files within isolated environments like virtual machines or sandboxes.
We also recommend exercising general caution when working with code from open sources, always using reliable security solutions, and never adding software to exclusions without a justified reason.
Kaspersky solutions effectively detect this threat with the following verdicts:
- HEUR:Trojan.Python.Agent.gen
- HEUR:Trojan-PSW.Win64.Agent.gen
- HEUR:Trojan-Banker.Win32.Agent.gen
- HEUR:Trojan-PSW.Win32.Coins.gen
- HEUR:Trojan-Downloader.Win32.Agent.gen
- PDM:Trojan.Win32.Generic
Indicators of compromise
Malicious GitHub repositories
Webrat C2
http://ezc5510min[.]temp[.]swtest[.]ru
http://shopsleta[.]ru
MD5
28a741e9fcd57bd607255d3a4690c82f
a13c3d863e8e2bd7596bac5d41581f6a
61b1fc6ab327e6d3ff5fd3e82b430315




Hackers Abuse Popular Monitoring Tool Nezha as a Stealth Trojan
France Probes ‘Foreign Interference’ After Remote Control Malware Found on Passenger Ferry
France’s counterespionage agency is investigating a suspected cyberattack plot targeting an international passenger ferry
The post France Probes ‘Foreign Interference’ After Remote Control Malware Found on Passenger Ferry appeared first on SecurityWeek.
New $150 Cellik RAT Grants Android Control, Trojanizes Google Play Apps
The malware provides full device control and real-time surveillance capabilities like those of advanced spyware.
The post New $150 Cellik RAT Grants Android Control, Trojanizes Google Play Apps appeared first on SecurityWeek.
New PyStoreRAT Malware Targets OSINT Researchers Through GitHub
North Korean Hackers Deploy EtherRAT Malware in React2Shell Exploits
Engineering leader survey: AI isn’t leading to massive job cuts — but it’s siphoning off weak performers

Strong software engineers who combine their foundational skills with fluency in rapidly emerging AI tools are more valuable than ever. And while AI boosts overall productivity by 34% on average, it’s widening the gap between top engineers and those considered weaker.
Those are among the findings from Karat, the Seattle-based technical talent evaluation startup, which released its new “AI Workforce Transformation” report on Wednesday, detailing how artificial intelligence tools are changing the way software is developed and what types of workers are most impacted by the technology.
The findings come from Karat’s survey of 400 engineering leaders across the U.S., India, and China. And the report coincides with the release of Karat NextGen, an AI-enabled talent evaluation solution designed to evaluate software engineers in an era of increased human and AI collaboration.
Among the report highlights:
- 73% of leaders now believe a strong engineer is worth at least 3x their total compensation.
- 59% of leaders say weak engineers deliver net zero or negative value in the AI era.
- The top AI use cases for day-to-day work are code generation (83%), and testing, QA, and code review (61%).
- Agentic AI/autonomous engineering agents are highlighted by the majority of leaders as having the highest return on investment.
- Despite cost pressure, 85% of leaders expect engineering headcounts to stay flat or increase over the next three years, signaling that AI isn’t leading to massive job cuts in the near term.
- China is outpacing the U.S. and India in AI adoption and readiness.
Tech companies and workers are still adjusting to the shifting landscape of an AI-fueled industry that has traditionally relied on coders to help build and maintain the backbone of digital platforms.
When Amazon laid off 14,000 corporate employees from its global workforce in October, among the 2,303 impacted Washington state workers, mostly in Seattle and Bellevue, more than 600 were software development engineers.
That trend mirrored layoffs at Microsoft earlier this year, as companies reassess their engineering needs amid the rise of AI-driven coding tools.
At Amazon’s re:Invent event last week in Las Vegas, AWS executive Colleen Aubrey went beyond discussing how human employees will leverage AI tools, and said instead that it’s time to consider agentic teammates “as essential as the people sitting right next to you.”
According to Karat’s report, beyond foundational skills such as problem-solving, communication, and product sense, engineers need to be assessed for new AI-native abilities, including familiarity with agentic AI; using AI for coding; integrating 3rd-party AI APIs; prompt engineering; and evaluating and mitigating AI-related risks.
Karat’s report found that nearly 70% of engineering leaders plan to strengthen their AI capabilities through strategic hiring. Yet, almost two-thirds of companies still prohibit AI use in interviews, and less than 30% are updating assessments and training interviewers to identify AI-ready talent.
The startup’s NextGen talent evaluation platform features a human + AI interview format where candidates tackle complex, multi-file projects with an integrated AI assistant while collaborating live with Karat’s expert interview engineers, who probe reasoning, trade-offs, and judgment in real time to reveal genuine engineering ability.
Sagnik Nandy, CTO at DocuSign, a Karat customer, said in a news release that while AI is transforming engineering, “the real breakthroughs happen when human judgment and AI capabilities work together” and a way to measure that combination reliably is what’s been missing.
“A human-led, AI-native interview is exactly the kind of solution organizations need to understand who can truly excel in this new model of development,” Nandy said.
Founded in 2014 by Mo Bhende and Jeff Spector, Karat became one of Seattle’s highest-valued startups after it raised $110 million in a Series C round in 2021, which brought its total valuation at the time to $1.1 billion. Total funding to date is $151.6 million.
Karat currently ranks No. 15 on the GeekWire 200, our list of the top startups in the Pacific Northwest.
New JS#SMUGGLER Campaign Drops NetSupport RAT Through Infected Sites
New Variant of ClayRat Android Spyware Seize Full Device Control
Newly Sold Albiriox Android Malware Targets Banks and Crypto Holders
Open Source Rats
My last article was about preparing Test environment. I wrote it with this article in mind. Anyone wishing to gain access to someone’s computer has to tempt their victim to install malicious software. Apart from social engineering tricks, methods of preparing such files so that they are undetectable