Dark Reading

Bug in Google's Gemini AI Panel Opens Door to Hijacking

Attackers could have exploited the vulnerability to escalate privileges, violate user privacy while browsing, and access sensitive resources ...
SecurityWeek

Hackers Weaponize Claude Code in Mexican Government Cyberattack

A threat actor has weaponized Anthropic’s Claude Code to breach the Mexican government’s systems and steal over 150GB of data ...

How payment fraud evolved from ancient Roman coins to AI-deepfakes — and what's next

Although AI has introduced a new threat in the world of payments fraud, it has also emerged as the analytical backbone of next-generation fraud mitigation systems.

QuickLens Chrome extension steals crypto, shows ClickFix attack

A Chrome extension named "QuickLens - Search Screen with Google Lens" has been removed from the Chrome Web Store after it was ...

CAPTCHA test scam hijacks victim’s data in the most ‘diabolical’ way — here’s how to spot a ‘ClickFix’ attack

Techsperts are warning users about a sneaky new calendar scam, in which cybercrooks have figured out a sneaky way to blast iPhones and iPads with bogus alerts in order to hack their personal info.
The Hacker News

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

While the Windows maker did not attribute the activity to a specific threat actor, the use of VS Code tasks and Vercel ...
Dark Reading

Malicious Next.js Repos Target Developers Via Fake Job Interviews

Linked to North Korean fake job-recruitment campaigns, the poisoned repositories are aimed at establishing persistent C2 ...
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

Wikipedia blacklists Archive.today after alleged DDoS attack

Archive.today under fire, again ...
The Hacker News

Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies

Researchers show AI assistants can act as stealth C2 proxies, enabling malware communication, evasion, and runtime attack ...

North Korean job scammers target JavaScript and Python developers with fake interview tasks spreading malware

Operation Dream Job is evolving once again, and now comes through malicious dependencies on bare-bones projects.

Fake CAPTCHA Scam Tricks Windows Users Into Installing Malware

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more.