Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.
GitHub

url.parse: builtin for parsing URIs (RFC 3986)

OPA has urlquery.encode/decode for query strings but nothing to break a full URL into parts. If I need to check a hostname or scheme, I'm stuck with regex, which isn't great for security-sensitive ...