QuickLens Chrome extension steals crypto, shows ClickFix attack

A Chrome extension named "QuickLens - Search Screen with Google Lens" has been removed from the Chrome Web Store after it was ...

ClawJacked attack let malicious websites hijack OpenClaw to steal data

Security researchers have disclosed a high-severity vulnerability dubbed "ClawJacked" in the popular AI agent OpenClaw that allowed a malicious website to silently bruteforce access to a locally ...
The Hacker News

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

A "coordinated developer-targeting campaign" is using malicious repositories disguised as legitimate Next.js projects and ...

Wikipedia blacklists Archive.today after alleged DDoS attack

Archive.today under fire, again ...
Dark Reading

Malicious Next.js Repos Target Developers Via Fake Job Interviews

Linked to North Korean fake job-recruitment campaigns, the poisoned repositories are aimed at establishing persistent C2 ...

Fake 'interview' repos lure Next.js devs into running secret-stealing malware

Come for the coding test, stay for the C2 traffic Next.js developers are once again in the crosshairs as hackers seed ...

Israel and Iran launch fresh attacks after Iran's Supreme Leader Khamenei killed

Israel says it is targeting sites "in the heart of Tehran", as new Iranian attacks are reported in Tel Aviv, Dubai, Doha and Bahrain's capital Manama.

UK rejected Ukrainian asylum claim - and told them to try headphones to block out bombs

A Ukrainian family denied asylum in the UK was told by the Home Office that they could relocate within Ukraine and their ...

Overcoming history: how Putin's war in Ukraine has forced Germany to shrug off its past

Once derided for only supplying Ukraine with helmets, Berlin is now Ukraine's biggest military supporter, and most Germans ...
CSO Online

Your personal OpenClaw agent may also be taking orders from malicious websites

A critical OpenClaw flaw allowed malicious websites to connect to locally running agents, brute-force passwords without ...
Cybernews

Malicious NPM package racks up 50,000 infections in days, developers fully compromised

A malicious NPM package, ambar-src, mimicking a popular JavaScript framework, was downloaded nearly 50,000 times in a few ...