New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns.
CSO Online

Compromised npm package silently installs OpenClaw on developer machines

While the AI itself wasn’t weaponized, the technique raises concerns about AI agents with broad system access.
XDA Developers on MSN

I love Proxmox community scripts, but a single command executes 8 remote scripts as root

Do you know what your Proxmox server is actually running?
IEEE

A Novel Server-side Aggregation Strategy for Federated Learning in Non-IID situations

Abstract: Federated learning has been a promising distributed machine learning approach in many fields like e-economic, autodriving and medical imaging for its privacy-aware manner. However, ...