Links
Researchers found insecure bootstrap scripts in legacy Python packages that could allow attackers to exploit a domain takeover. The scripts fetch an outdated installation package from a domain that is now available for registration, which poses a risk of executing malicious code if someone else registers it. Some affected packages have removed the scripts, but others, like slapos.core, still include them.
SolyxImmortal is a Python-based malware designed to steal sensitive information from Windows users. It collects credentials, documents, and keystrokes while maintaining a low profile by using Discord webhooks for data exfiltration. The malware ensures persistence on infected systems without requiring administrative privileges.
Cybersecurity researchers uncovered a campaign using malicious Blender files to deliver the StealC V2 information stealer. Users download infected .blend files from sites like CGTrader, which execute harmful scripts when opened, compromising their data. The attack takes advantage of Blender's Auto Run feature, allowing attackers to bypass security measures.
Microsoft identified an updated ClickFix campaign that disrupts users' browsers and tricks them into executing harmful commands. This variant uses social engineering and exploits native Windows utilities to deliver a Python RAT payload while evading traditional detection methods.
Malicious packages on the Python Package Index (PyPI) have been identified that deliver the SilentSync remote access Trojan (RAT) to unsuspecting users. These packages exploit the trust developers place in PyPI for downloading dependencies, highlighting the need for vigilance and security measures in the Python ecosystem.
The MCP server facilitates basic static triage of PE files using a large language model (LLM). Users can create markdown reports summarizing their analysis by providing sample paths and adjusting configuration settings in the triage.py script. The setup requires installing dependencies and includes features like integration with VT/AnyRun/Sandbox and hash lookups.
A Python proof-of-concept script allows users to dump sensitive files such as SAM, SYSTEM, and NTDS.dit from a physical disk without triggering security alerts by bypassing standard Windows file APIs. It operates by directly reading NTFS filesystem structures, obfuscating the output with XOR encryption to avoid detection by EDR/AV systems. This tool is intended for educational purposes only and should be used in a controlled test environment.