ClawJacked attack let malicious websites hijack OpenClaw to steal data

Security researchers have disclosed a high-severity vulnerability dubbed "ClawJacked" in the popular AI agent OpenClaw that allowed a malicious website to silently bruteforce access to a locally ...
Microsoft

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with ...
PCMag

Is Your VPN Leaking Data? Here's How to Check and Lock It Down in Seconds

Your VPN is supposed to hide your identity online, but server errors and misconfigured settings can give it away. I'm here to ...

This fake Google Security check can steal your passwords. Here’s how to stay safe

A new phishing campaign is impersonating Google’s account security checks to trick users into installing a malicious web app that steals passwords, passcodes, and other sensitive data directly from ...

LLMs can unmask pseudonymous users at scale with surprising accuracy

If LLMs’ success in deanonymizing people improves, the researchers warn, governments could use the techniques to unmask online critics, corporations could assemble customer profiles for ...

Chrome Extension Hijacked to Deliver Malware, Steal Crypto Wallets

A compromised Chrome extension with 7,000 users was updated to deploy malware, strip security headers, and steal cryptocurrency wallet seed phrases.
Google Glass Almanac

How North Korean hackers are exploiting blockchain to target crypto users

What makes this campaign so striking is not just the malware, but where it is being stored. By shifting malicious code into ...