Fake 'interview' repos lure Next.js devs into running secret-stealing malware

Come for the coding test, stay for the C2 traffic Next.js developers are once again in the crosshairs as hackers seed ...

Ontario takes control of eighth school board as education minister cites mismanagement

Ontario’s education minister placed an eighth school board under supervision Thursday due to what he calls significant ...

Deno 2.7 sharpens Node.js compatibility and stabilizes Temporal

Version 2.7 of the runtime for JavaScript and TypeScript stabilizes the Temporal API, introduces npm overrides, and ...

Why I was surprised by Reeves's keep calm and carry on approach to her forecast

Rachel Reeves took the approach of 'keep calm and carry on' for her forecast, but the war in Iran made the occasion all ...

ClawJacked attack let malicious websites hijack OpenClaw to steal data

Security researchers have disclosed a high-severity vulnerability dubbed "ClawJacked" in the popular AI agent OpenClaw that allowed a malicious website to silently bruteforce access to a locally ...
Microsoft

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with ...
CPO Magazine

Security Research Finds OpenClaw AI Agent “Trivially Vulnerable” to Hijacking

The Oasis researchers document a vulnerability chain that can be initiated from any website the AI agent (or its user) visits ...
SecurityWeek

OpenClaw Vulnerability Allowed Websites to Hijack AI Agents

An OpenClaw vulnerability allowed malicious websites to take over AI agents, exposing sensitive information and enabling data theft.

Someone built an x86 CPU emulator using pure CSS, for science

The recently unveiled x86CSS project aims to emulate an x86 processor within a web browser. Unlike many other web-based ...

Kaspersky dismisses claims Coruna iPhone exploit kit is connected to NSA-linked operation

Follows suggestions iPhone-pwning toolset bears hallmarks of zero-days that targeted Russian diplomats Russian cybersecurity outfit Kaspersky is waving away claims that an iPhone exploit kit recently ...
The Hacker News

Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware

Four rogue NuGet packages and one npm package stole ASP.NET Identity data, deployed C2 backdoors, and reached over 50,000 ...
SecurityWeek

Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global Attacks

The Coruna exploit kit has 23 exploits targeting iOS devices, previously used in Russian attacks and now in cybercrime ...