QuickLens Chrome extension steals crypto, shows ClickFix attack

A Chrome extension named "QuickLens - Search Screen with Google Lens" has been removed from the Chrome Web Store after it was ...
SecurityWeek

Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global Attacks

The Coruna exploit kit has 23 exploits targeting iOS devices, previously used in Russian attacks and now in cybercrime ...

ClawJacked attack let malicious websites hijack OpenClaw to steal data

Security researchers have disclosed a high-severity vulnerability dubbed "ClawJacked" in the popular AI agent OpenClaw that allowed a malicious website to silently bruteforce access to a locally ...
Microsoft

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 ...
CPO Magazine

Security Research Finds OpenClaw AI Agent “Trivially Vulnerable” to Hijacking

The Oasis researchers document a vulnerability chain that can be initiated from any website the AI agent (or its user) visits ...

Wikipedia blacklists Archive.today after alleged DDoS attack

Archive.today under fire, again ...

Iran wants this conflict to spread but may there be another tactic - more fearsome and intimidating

Some wars start slowly while others spring to life at speed. This one is racing, transforming nations, politics and loyalties ...

Iran war: Why is Russia not coming to Tehran's aid?

The beleaguered Iranian regime, with very few international allies, has been counting on Moscow's support amid the ongoing US ...
The Hacker News

New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel

Chrome CVE-2026-0628 let malicious extensions hijack Gemini panel for privilege escalation, local file access, and surveillance.

UK rejected Ukrainian asylum claim - and told them to try headphones to block out bombs

A Ukrainian family denied asylum in the UK was told by the Home Office that they could relocate within Ukraine and their ...

Fake 'interview' repos lure Next.js devs into running secret-stealing malware

Come for the coding test, stay for the C2 traffic Next.js developers are once again in the crosshairs as hackers seed ...