Chrome Extension Hijacked to Deliver Malware, Steal Crypto Wallets

A compromised Chrome extension with 7,000 users was updated to deploy malware, strip security headers, and steal cryptocurrency wallet seed phrases.

Microsoft: Hackers abuse OAuth error flows to spread malware

Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take ...

Mail2Shell zero-click attack lets hackers hijack FreeScout mail servers

A maximum severity vulnerability in the FreeScout helpdesk platform allows hackers to achieve remote code execution without any user interaction or authentication.

When Hackers Leverage AI: Defending What You Don’t Know Is Exposed

These days, defending what you don’t know is exposed could define the difference between resilience and regret.
SecurityWeek

OpenClaw Vulnerability Allowed Websites to Hijack AI Agents

An OpenClaw vulnerability allowed malicious websites to take over AI agents, exposing sensitive information and enabling data theft.

Leaked government-grade iPhone hacking tools now used to steal crypto and data from users

According to new technical analyses from Google and mobile security firm iVerify, Coruna's technical core comprises five complete exploit chains and 23 distinct iOS vulnerabilities that ...
Cybernews

AI agents are too easy to fool, with websites now littered with hidden “system override” commands

Researchers at Unit 42, a security arm of Palo Alto Networks, have documented real-world attacks, and they’re as dumb as it gets. Hidden text on websites simply asks AI to “ignore previous ...