The Hacker News

ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket

OpenClaw patches ClawJacked flaw, log poisoning bug, and multiple CVEs as 71 malicious ClawHub skills spread malware and ...
The Hacker News

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

A "coordinated developer-targeting campaign" is using malicious repositories disguised as legitimate Next.js projects and ...

Wikipedia blacklists Archive.today after alleged DDoS attack

Archive.today under fire, again ...

Fake Next.js job interview tests backdoor developer's devices

The Microsoft Defender team has discovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessment materials, ...

Fake 'interview' repos lure Next.js devs into running secret-stealing malware

Come for the coding test, stay for the C2 traffic Next.js developers are once again in the crosshairs as hackers seed ...
LIVE

US and Israel carry out joint attack on Iran as Tehran launches retaliatory strikes

US President Donald Trump has called for regime change in Iran and said "major combat operations" are under way.

Iran leadership sites targeted by US and Israel as Tehran retaliates with strikes across region

US President Donald Trump says "major combat operations" are under way, and calls for Iranians to rise up and "take over your ...

Ukrainian family denied UK asylum told to block out bombs with headphones

Thousands of Ukrainians were welcomed to the UK in 2022 after Russia invaded. But Home Office figures show there has since ...

Overcoming history: how Putin's war in Ukraine has forced Germany to shrug off its past

Once derided for only supplying Ukraine with helmets, Berlin is now Ukraine's biggest military supporter, and most Germans ...
CSO Online

Your personal OpenClaw agent may also be taking orders from malicious websites

A critical OpenClaw flaw allowed malicious websites to connect to locally running agents, brute-force passwords without ...
Cybernews

Malicious NPM package racks up 50,000 infections in days, developers fully compromised

A malicious NPM package, ambar-src, mimicking a popular JavaScript framework, was downloaded nearly 50,000 times in a few ...
SecurityWeek

GitHub Issues Abused in Copilot Attack Leading to Repository Takeover

Orca has discovered a supply chain attack that abuses GitHub Issue to take over Copilot when launching a Codespace from that ...