ClawJacked attack let malicious websites hijack OpenClaw to steal data

Security researchers have disclosed a high-severity vulnerability dubbed "ClawJacked" in the popular AI agent OpenClaw that allowed a malicious website to silently bruteforce access to a locally ...

QuickLens Chrome extension steals crypto, shows ClickFix attack

A Chrome extension named "QuickLens - Search Screen with Google Lens" has been removed from the Chrome Web Store after it was ...

Wikipedia blacklists Archive.today after alleged DDoS attack

Archive.today under fire, again ...
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

Google uncovers iOS exploit kit used in crypto phishing attacks

The Google Threat Intelligence Group says it found an iPhone exploit kit that could crack the device and sniff out crypto wallets, apps and seed phrases to steal funds.

Hackers Used New Exploit Kit to Compromise Thousands of iPhones

Thousands of iPhones were compromised using the Coruna exploit kit, which chained 23 iOS vulnerabilities into advanced attacks used for espionage and cybercrime.
SecurityWeek

Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global Attacks

The Coruna exploit kit has 23 exploits targeting iOS devices, previously used in Russian attacks and now in cybercrime ...

US says 'firepower over Iran to surge dramatically' as Israel bombards Beirut and Tehran

Meanwhile, President Donald Trump has told a White House event the US is striking Iranian drone and missile systems "every ...

Fake 'interview' repos lure Next.js devs into running secret-stealing malware

Come for the coding test, stay for the C2 traffic Next.js developers are once again in the crosshairs as hackers seed ...

Chrome Extension Hijacked to Deliver Malware, Steal Crypto Wallets

A compromised Chrome extension with 7,000 users was updated to deploy malware, strip security headers, and steal cryptocurrency wallet seed phrases.
Microsoft

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with ...

Ukrainian family denied UK asylum told to block out bombs with headphones

Thousands of Ukrainians were welcomed to the UK in 2022 after Russia invaded. But Home Office figures show there has since ...