Wikipedia hit by self-propagating JavaScript worm that vandalized pages

The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages ...

Bing AI promoted fake OpenClaw GitHub repo pushing info-stealing malware

Fake OpenClaw installers hosted in GitHub repositories and promoted by Microsoft Bing's AI-enhanced search feature instructed users to run commands that deployed information stealers and proxy malware ...
The Hacker News

North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT

North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT via 31 Vercel deployments.

Hacked traffic cams and hijacked TVs: How cyber operations supported the war against Iran

After U.S. and Israeli forces started bombing Iran, reports say cyber operations have disrupted communications, supporting surveillance activities, and have been used in psychological operations.
The Hacker News

Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication

Starkiller phishing suite uses live reverse proxying to bypass MFA, while attackers abuse OAuth device codes to hijack Microsoft 365 accounts.

Chrome Extension Hijacked to Deliver Malware, Steal Crypto Wallets

A compromised Chrome extension with 7,000 users was updated to deploy malware, strip security headers, and steal cryptocurrency wallet seed phrases.
PCMag on MSN

This iOS 'Exploit' Kit Can Hack Vulnerable iPhones Using 23 Different Attacks

Security researchers discover the 'Coruna' exploit kit running on malicious Chinese websites that were able to secretly hack ...