Fake CAPTCHA pages are tricking users into installing malware

The hackers use fake CAPTCHA pages—which are designed to mimic standard security checks—to trick users into installing malicious software (“Stealthy StealC Information Stealer”) via keyboard commands.
Dark Reading

ClickFix Attacks Abuses DNS Lookup Command to Deliver ModeloRAT

ClickFix campaigns have adapted to the latest defenses with a new technique to trick users into infecting their own machines with malware.

30 fake AI Chrome extensions caught stealing passwords and more

Security experts have uncovered dangerous Chrome extensions that promise or impersonate AI tools to steal sensitive data.

The Rise of Credential Stuffing Attacks

Credential stuffing attacks use stolen passwords to log in at scale. Learn how they work, why they’re rising, and how to defend with stronger authentication.

Why LLMs are plateauing – and what that means for software security

AI coding assistants and agentic workflows represent the future of software development and will continue to evolve at a rapid pace. But while LLMs have become adept at generating functionally correct ...