Security News

The Hacker News

New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel

March 2, 2026

Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system. The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8.8), has been described as a case of insufficient policy enforcement in the WebView tag. It was patched by Google in early January 2026

The Hacker News

Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome

March 2, 2026

Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum computers. "To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional X.509 certificates containing post-quantum cryptography to the Chrome Root Store," the Chrome Secure Web and Networking Team said. "

SecurityWeek

Vulnerability Allowed Hijacking Chrome’s Gemini Live AI Assistant

March 2, 2026

Malicious extensions could hijack the Gemini Live in Chrome feature to spy on users and steal their files. The post Vulnerability Allowed Hijacking Chrome’s Gemini Live AI Assistant appeared first on SecurityWeek .

SecurityWeek

OpenClaw Vulnerability Allowed Websites to Hijack AI Agents

March 2, 2026

Malicious websites could open a WebSocket connection to localhost on the OpenClaw gateway port, brute force passwords, and take control of the agent. The post OpenClaw Vulnerability Allowed Websites to Hijack AI Agents appeared first on SecurityWeek .

SecurityWeek

Madison Square Garden Data Breach Confirmed Months After Hacker Attack

March 2, 2026

The company is one of the many victims of the 2025 Oracle E-Business Suite (EBS) hacking campaign. The post Madison Square Garden Data Breach Confirmed Months After Hacker Attack appeared first on SecurityWeek .

The Hacker News

⚡ Weekly Recap: SD-WAN 0-Day, Critical CVEs, Telegram Probe, Smart TV Proxy SDK and More

March 2, 2026

This week is not about one big event. It shows where things are moving. Network systems, cloud setups, AI tools, and common apps are all being pushed in different ways. Small gaps in access control, exposed keys, and normal features are being used as entry points. The pattern becomes clear only when you see everything together. Faster scans, smarter misuse of trusted services, and steady

SecurityWeek

Nick Andersen Appointed Acting Director of CISA

March 2, 2026

Madhu Gottumukkala has been assigned to a new role within the Department of Homeland Security. The post Nick Andersen Appointed Acting Director of CISA appeared first on SecurityWeek .

SecurityWeek

AWS Expands Security Hub Into a Cross-Domain Security Platform

March 2, 2026

The AWS Security Hub Extended plan aims to reduce security tool sprawl by correlating findings across multiple security domains. The post AWS Expands Security Hub Into a Cross-Domain Security Platform appeared first on SecurityWeek .

The Hacker News

How to Protect Your SaaS from Bot Attacks with SafeLine WAF

March 2, 2026

Most SaaS teams remember the day their user traffic started growing fast. Few notice the day bots started targeting them. On paper, everything looks great: more sign-ups, more sessions, more API calls. But in reality, something feels off: Sign-ups increase, but users aren’t activating. Server costs rise faster than revenue. Logs are filled with repeated requests from strange user agents. If

SecurityWeek

North Korean APT Targets Air-Gapped Systems in Recent Campaign

March 2, 2026

Using Windows shortcut files, the APT deployed a new implant, a loader, a propagation tool, and two backdoors. The post North Korean APT Targets Air-Gapped Systems in Recent Campaign appeared first on SecurityWeek .

SecurityWeek

Google Working Towards Quantum-Safe Chrome HTTPS Certificates

March 2, 2026

The internet giant is developing an evolution of the certificates based on Merkle Tree Certificates (MTCs). The post Google Working Towards Quantum-Safe Chrome HTTPS Certificates appeared first on SecurityWeek .

SecurityWeek

US-Israel and Iran Trade Cyberattacks: Pro-West Hacks Cause Disruption as Tehran Retaliates

March 2, 2026

Both sides conduct hacking and other attacks, including the deployment of wiper malware, DDoS, and disruptions to critical infrastructure. The post US-Israel and Iran Trade Cyberattacks: Pro-West Hacks Cause Disruption as Tehran Retaliates appeared first on SecurityWeek .

The Hacker News

APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday

March 2, 2026

A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai. The vulnerability in question is CVE-2026-21513 (CVSS score: 8.8), a high-severity security feature bypass affecting the MSHTML Framework. "Protection mechanism failure in MSHTML Framework allows an unauthorized

The Hacker News

North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT

March 2, 2026

Cybersecurity researchers have disclosed a new iteration of the ongoing Contagious Interview campaign, where the North Korean threat actors have published a set of 26 malicious packages to the npm registry. The packages masquerade as developer tools, but contain functionality to extract the actual command-and-control (C2) by using seemingly harmless Pastebin content as a dead drop resolver and

SecurityWeek

Hackers Weaponize Claude Code in Mexican Government Cyberattack

March 1, 2026

The AI was abused to write exploits, create tools, and automatically exfiltrate over 150GB of data. The post Hackers Weaponize Claude Code in Mexican Government Cyberattack appeared first on SecurityWeek .

The Hacker News

ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket

February 28, 2026

OpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally running artificial intelligence (AI) agent and take over control. "Our vulnerability lives in the core system itself – no plugins, no marketplace, no user-installed extensions – just the bare OpenClaw gateway, running exactly as documented," Oasis

SecurityWeek

Canadian Tire Data Breach Impacts 38 Million Accounts

February 28, 2026

Names, addresses, email addresses, phone numbers, and encrypted passwords were compromised in the attack. The post Canadian Tire Data Breach Impacts 38 Million Accounts appeared first on SecurityWeek .

The Hacker News

Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement

February 28, 2026

New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini endpoints and access private data. The findings come from Truffle Security, which discovered nearly 3,000 Google API keys (identified by the prefix "AIza") embedded in client-side code to provide Google-related services like

The Hacker News

Pentagon Designates Anthropic Supply Chain Risk Over AI Military Dispute

February 28, 2026

Anthropic on Friday hit back after U.S. Secretary of Defense Pete Hegseth directed the Pentagon to designate the artificial intelligence (AI) upstart as a "supply chain risk." "This action follows months of negotiations that reached an impasse over two exceptions we requested to the lawful use of our AI model, Claude: the mass domestic surveillance of Americans and fully autonomous weapons," the

The Hacker News

DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams

February 27, 2026

The U.S. Department of Justice (DoJ) this week announced the seizure of $61 million worth of Tether that were allegedly associated with bogus cryptocurrency schemes known as pig butchering. The confiscated funds were traced to cryptocurrency addresses used for the laundering of criminally derived proceeds stolen from victims of cryptocurrency investment scams, the department added. "Criminal

The Hacker News

900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks

February 27, 2026

The Shadowserver Foundation has revealed that over 900 Sangoma FreePBX instances still remain infected with web shells as part of attacks that exploited a command injection vulnerability starting in December 2025. Of these, 401 instances are located in the U.S., followed by 51 in Brazil, 43 in Canada, 40 in Germany, and 36 in France. The non-profit entity said the compromises are likely

The Hacker News

Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor

February 27, 2026

Cybersecurity researchers have disclosed details of a malicious Go module that's designed to harvest passwords, create persistent access via SSH, and deliver a Linux backdoor named Rekoobe. The Go module, github[.]com/xinfeisoft/crypto, impersonates the legitimate "golang.org/x/crypto" codebase, but injects malicious code that's responsible for exfiltrating secrets entered via terminal password

The Hacker News

ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks

February 27, 2026

The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control (C2) communications to fetch more payloads and an implant that uses removable media to relay commands and breach air-gapped networks. The campaign, codenamed Ruby Jumper by Zscaler ThreatLabz, involves the deployment of malware

The Hacker News

Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms

February 27, 2026

Threat actors are luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat platforms to distribute a remote access trojan (RAT). "A malicious downloader staged a portable Java runtime and executed a malicious Java archive (JAR) file named jd-gui.jar," the Microsoft Threat Intelligence team said in a post on X. "This downloader used PowerShell

The Hacker News

Meta Files Lawsuits Against Brazil, China, Vietnam Advertisers Over Celeb-Bait Scams

February 27, 2026

Meta on Thursday said it's taking legal action to tackle scams on its platforms by filing lawsuits against what it calls deceptive advertisers based in Brazil, China, and Vietnam. As part of the effort, the advertisers' methods of payment have been suspended, related accounts have been disabled, and the website domain names used to pull off the scams have been blocked. Concurrently, the social

The Hacker News

Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Evade Takedown

February 26, 2026

Cybersecurity researchers have disclosed details of a new botnet loader called Aeternum C2 that uses a blockchain-based command-and-control (C2) infrastructure to make it resilient to takedown efforts. "Instead of relying on traditional servers or domains for command-and-control, Aeternum stores its instructions on the public Polygon blockchain," Qrator Labs said in a report shared with The

The Hacker News

UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor

February 26, 2026

A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025. The campaign is being tracked by Cisco Talos under the moniker UAT-10027. The end goal of the attacks is to deliver a never-before-seen backdoor codenamed Dohdoor. "Dohdoor utilizes the DNS-over-HTTPS (DoH)

The Hacker News

ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories

February 26, 2026

Nothing here looks dramatic at first glance. That’s the point. Many of this week’s threats begin with something ordinary, like an ad, a meeting invite, or a software update. Behind the scenes, the tactics are sharper. Access happens faster. Control is established sooner. Cleanup becomes harder. Here is a quick look at the signals worth paying attention to. AI-powered command

The Hacker News

Expert Recommends: Prepare for PQC Right Now

February 26, 2026

Introduction: Steal It Today, Break It in a Decade Digital evolution is unstoppable, and though the pace may vary, things tend to fall into place sooner rather than later. That, of course, applies to adversaries as well. The rise of ransomware and cyber extortion generated funding for a complex and highly professional criminal ecosystem. The era of the cloud brought general availability of

The Hacker News

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

February 26, 2026

A "coordinated developer-targeting campaign" is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and establish persistent access to compromised machines. "The activity aligns with a broader cluster of threats that use job-themed lures to blend into routine developer workflows and increase the likelihood of code

The Hacker News

Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens

February 26, 2026

Cybersecurity researchers have disclosed details of a new malicious package discovered on the NuGet Gallery, impersonating a library from financial services firm Stripe in an attempt to target the financial sector. The package, codenamed StripeApi.Net, attempts to masquerade as Stripe.net, a legitimate library from Stripe that has over 75 million downloads. It was uploaded by a user named

The Hacker News

Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access

February 26, 2026

A newly disclosed maximum-severity security flaw in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager (formerly vManage) has come under active exploitation in the wild as part of malicious activity that dates back to 2023. The vulnerability, tracked as CVE-2026-20127 (CVSS score: 10.0), allows an unauthenticated remote attacker to bypass authentication and obtain

The Hacker News

Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries

February 25, 2026

Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus cyber espionage group tracked as UNC2814 that breached at least 53 organizations across 42 countries. "This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas,"

The Hacker News

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

February 25, 2026

Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic's Claude Code, an artificial intelligence (AI)-powered coding assistant, that could result in remote code execution and theft of API credentials. "The vulnerabilities exploit various configuration mechanisms, including Hooks, Model Context Protocol (MCP) servers, and environment variables – executing

The Hacker News

SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks

February 25, 2026

The notorious cybercrime collective known as Scattered LAPSUS$ Hunters (SLH) has been observed offering financial incentives to recruit women to pull off social engineering attacks. The idea is to hire them for voice phishing campaigns targeting IT help desks, Dataminr said in a new threat brief. The group is said to be offering anywhere between $500 and $1,000 upfront per call, in addition to

The Hacker News

Top 5 Ways Broken Triage Increases Business Risk Instead of Reducing It

February 25, 2026

Triage is supposed to make things simpler. In a lot of teams, it does the opposite. When you can’t reach a confident verdict early, alerts turn into repeat checks, back-and-forth, and “just escalate it” calls. That cost doesn’t stay inside the SOC; it shows up as missed SLAs, higher cost per case, and more room for real threats to slip through. So where does triage go wrong? Here are five triage

The Hacker News

Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware

February 25, 2026

Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to steal sensitive data. The campaign, discovered by Socket, exfiltrates ASP.NET Identity data, including user accounts, role assignments, and permission mappings, as well as manipulates authorization rules to create persistent backdoors in victim applications.

The Hacker News

Manual Processes Are Putting National Security at Risk

February 25, 2026

Why automating sensitive data transfers is now a mission-critical priority More than half of national security organizations still rely on manual processes to transfer sensitive data, according to The CYBER360: Defending the Digital Battlespace report. This should alarm every defense and government leader because manual handling of sensitive data is not just inefficient, it is a systemic

The Hacker News

Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker

February 25, 2026

A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over seven years in prison for selling eight zero-day exploits to Russian exploit broker Operation Zero in exchange for millions of dollars. Peter Williams pleaded guilty to two counts of theft of trade secrets in October 2025. In addition to the jail term, Williams

The Hacker News

SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution

February 25, 2026

SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution. The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below - CVE-2025-40538 - A broken access control vulnerability that allows an attacker to create a system admin user and execute arbitrary

The Hacker News

CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability

February 25, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-25108 (CVSS v4 score: 8.7), is a case of operating system (OS) command injection that could allow an authenticated user to execute

The Hacker News

RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN

February 24, 2026

A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence (AI)-driven vulnerability has been codenamed RoguePilot by Orca Security. It has since been patched by Microsoft following responsible disclosure. "Attackers can craft hidden instructions inside a

The Hacker News

UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware

February 24, 2026

A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate intelligence gathering or financial theft, signaling a possible expansion of the threat actor's targeting beyond Ukraine and into entities supporting the war-torn nation. The activity, which targeted an unnamed entity involved in regional

The Hacker News

Identity Prioritization isn't a Backlog Problem - It's a Risk Math Problem

February 24, 2026

Most identity programs still prioritize work the way they prioritize IT tickets: by volume, loudness, or “what failed a control check.” That approach breaks the moment your environment stops being mostly-human and mostly-onboarded. In modern enterprises, identity risk is created by a compound of factors: control posture, hygiene, business context, and intent. Any one of these can perhaps be

The Hacker News

Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks

February 24, 2026

The North Korea-linked Lazarus Group (aka Diamond Sleet and Pompilus) has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new report by the Symantec and Carbon Black Threat Hunter Team. Broadcom's threat intelligence division said it also identified the same threat actors mounting an unsuccessful attack against a healthcare

The Hacker News

UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors

February 24, 2026

The threat activity cluster known as UnsolicitedBooker has been observed targeting telecommunications companies in Kyrgyzstan and Tajikistan, marking a shift from prior attacks aimed at Saudi Arabian entities. The attacks involve the deployment of two distinct backdoors codenamed LuciDoor and MarsSnake, according to a report published by Positive Technologies last week. "The group used several

The Hacker News

Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model

February 24, 2026

Anthropic on Monday said it identified "industrial-scale campaigns" mounted by three artificial intelligence (AI) companies, DeepSeek, Moonshot AI, and MiniMax, to illegally extract Claude's capabilities to improve their own models. The distillation attacks generated over 16 million exchanges with its large language model (LLM) through about 24,000 fraudulent accounts in violation of its terms

The Hacker News

APT28 Targeted European Entities Using Webhook-Based Macro Malware

February 23, 2026

The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in Western and Central Europe. The activity, per S2 Grupo's LAB52 threat intelligence team, was active between September 2025 and January 2026. It has been codenamed Operation MacroMaze. "The campaign relies on basic tooling and the exploitation of legitimate services

The Hacker News

Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb

February 23, 2026

Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts. "Analysis of the recovered dropper, persistence triggers, and mining payload reveals a sophisticated, multi-stage infection prioritizing maximum cryptocurrency mining hashrate, often destabilizing the victim

The Hacker News

⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More

February 23, 2026

Security news rarely moves in a straight line. This week, it feels more like a series of sharp turns, some happening quietly in the background, others playing out in public view. The details are different, but the pressure points are familiar. Across devices, cloud services, research labs, and even everyday apps, the line between normal behavior and hidden risk keeps getting thinner. Tools

The Hacker News

How Exposed Endpoints Increase Risk Across LLM Infrastructure

February 23, 2026

As more organizations run their own Large Language Models (LLMs), they are also deploying more internal services and Application Programming Interfaces (APIs) to support those models. Modern security risks are being introduced less from the models themselves and more from the infrastructure that serves, connects and automates the model. Each new LLM endpoint expands the attack surface, often in

The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

February 23, 2026

Cybersecurity researchers have disclosed what they say is an active "Shai-Hulud-like" supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential harvesting and cryptocurrency key theft. The campaign has been codenamed SANDWORM_MODE by supply chain security company Socket. As with prior Shai-Hulud attack waves, the malicious code embedded

The Hacker News

MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP

February 23, 2026

The Iranian hacking group known as MuddyWater (aka Earth Vetala, Mango Sandstorm, and MUDDYCOAST) has targeted several organizations and individuals mainly located across the Middle East and North Africa (MENA) region as part of a new campaign codenamed Operation Olalampo. The activity, first observed on January 26, 2026, has resulted in the deployment of new malware families that share

The Hacker News

AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries

February 21, 2026

A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices located in 55 countries. That's according to new findings from Amazon Threat Intelligence, which said it observed the activity between January 11 and February 18, 2026. "No exploitation of FortiGate

The Hacker News

Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning

February 21, 2026

Artificial intelligence (AI) company Anthropic has begun to roll out a new security feature for Claude Code that can scan a user's software codebase for vulnerabilities and suggest patches. The capability, called Claude Code Security, is currently available in a limited research preview to Enterprise and Team customers. "It scans codebases for security vulnerabilities and suggests targeted

The Hacker News

CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog

February 21, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaws impacting Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-49113 (CVSS score: 9.9) - A deserialization of untrusted data vulnerability that allows remote code

The Hacker News

EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security

February 21, 2026

With $5.5 trillion in global AI risk exposure and 700,000 U.S. workers needing reskilling, four new AI certifications and Certified CISO v4 help close the gap between AI adoption and workforce readiness. EC-Council, creator of the world-renowned Certified Ethical Hacker (CEH) credential and a global leader in applied cybersecurity education, today launched its Enterprise AI Credential Suite,

The Hacker News

BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration

February 20, 2026

Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products to conduct a wide range of malicious actions, including deploying VShell and  The vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), allows attackers to execute operating system commands in the context of the

The Hacker News

Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems

February 20, 2026

In yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered coding assistant Cline CLI was updated to stealthily install OpenClaw, a self-hosted autonomous AI agent that has become exceedingly popular in the past few months. "On February 17, 2026, at 3:26 AM PT, an unauthorized party used a compromised npm publish token to publish an update to Cline CLI

The Hacker News

ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware

February 20, 2026

Cybersecurity researchers have disclosed details of a new ClickFix campaign that abuses compromised legitimate sites to deliver a previously undocumented remote access trojan (RAT) called MIMICRAT (aka AstarionRAT). "The campaign demonstrates a high level of operational sophistication: compromised sites spanning multiple industries and geographies serve as delivery infrastructure, a multi-stage

Bleeping Computer

Fake Instagram hacking tool leading to scams and malware

August 10, 2020

Fake Instagram hacking tool leading to scams and malware

Bleeping Computer

Google search results redirect to a Tech Support Scam

June 7, 2019

Google search results for "Lowes" redirecting to a Tech Support Scam

Bleeping Computer

PoC of Now-Patched Google Photos Vulnerability That Let Hackers Track Your Location History

March 20, 2019

PoC from Imperva for the Now-Patched Google Photos vulnerability that let hackers track your location history.

Bleeping Computer

Fake eBay Ad in Google Search Results Leads to Tech Support Scam

March 19, 2019

An advertising campaign pretending to be eBay has been discovered in the Google search results that leads to a Tech Support Scam.

Bleeping Computer

Exploiting a Remote Desktop Connection path traversal issue in the shared RDP clipboard

February 5, 2019

A demonstration by Check Point security on exploiting a Remote Desktop Connection path traversal issue in the shared RDP clipboard. More information about this attack can be found here: https://www.bleepingcomputer.com/news/security/rdp-clients-exposed-to-reverse-rdp-attacks-by-major-protocol-issues/

Bleeping Computer

FreeRDP remote code execution attack via RDP connection

February 5, 2019

This video is a demonstration by Check Point security for a FreeRDP remote code execution attack via RDP connection. More information about this attack can be found here: https://www.bleepingcomputer.com/news/security/rdp-clients-exposed-to-reverse-rdp-attacks-by-major-protocol-issues/

Bleeping Computer

MiTM attack in APT Linux Package Manager Demo

January 22, 2019

A Man-in-the-Middle (MiTM) attack in the APT Linux package manager has been discovered that could lead to remote code execution. More info here: https://www.bleepingcomputer.com/news/security/remote-code-execution-bug-patched-in-apt-linux-package-manager/

Bleeping Computer

Moving the text cursor in iOS by holding down any key

November 19, 2018

This is a new trick for us at BleepingComputer, but we just learned today that while editing text, you can hold down any key on the iOS keyboard and use it to easily move the cursor to where you want it.

Bleeping Computer

Google's Cookies Remain After Clearing all Cookies in Chrome 69

September 25, 2018

It has been discovered that when you clear all cookies in Chrome 69, Google authentications will either not be removed or automatically recreated.

Bleeping Computer

CCleaner Forcing Updates to 5.46 Even if Automatic Updates are disabled

September 17, 2018

Over the past week, users are reporting that CCleaner has started to automatically update older version to 5.46 even when automatic updates are disabled.

Bleeping Computer

New CSS+HTML Attack Crashes and Restarts or Resprings an iPhone

September 15, 2018

A new CSS+HTML attack has been discovered that will restart or respring an iPhone simply by visiting a web page hosting the code. This same attack will cause a Mac to freeze briefly and then cause it to slow down until the Safari tab is closed.

Bleeping Computer

Windows ClipBoard Hijacker Swaps out CryptoCurrency Addresses

June 29, 2018

This malware will swap out copied cryptocurrency addresses in Windows with one under their control. This allows them to trick you into sending them money, instead of who you originally intended. More information about the All-Radio 4.27 Portable malware package that installs this: https://www.bleepingcomputer.com/news/security/all-radio-427-portable-cant-be-removed-then-your-pc-is-severely-infected/

Bleeping Computer

WinDynamicDesktop on Windows 10 Demonstration

June 22, 2018

This video shows how the WinDynamicDesktop on Windows 10. Notice how the scene's lighting changes as day progresses. More info here: https://www.bleepingcomputer.com/news/software/windynamicdesktop-brings-the-macos-dynamic-desktop-feature-to-windows-10/

Bleeping Computer

Sneaky Miner Trojan Terminates Itself if Certain Games and Tools Are Detected

June 11, 2018

A new miner trojan monitors for certain game and tool processes and terminates itself when it detects them. You can read the full article here: https://www.bleepingcomputer.com/news/security/cryptocurrency-miner-plays-hide-and-seek-with-popular-games-and-tools/ Hash: https://www.virustotal.com/#/file/a4a31978671830bc95aaac939e0593f6c9de7b9c28e0cc956526e6caff7b3abd/detection

Bleeping Computer

KCW Ransomware Demonstration

April 27, 2018

This video demonstrates a new ransomware from a hacking group named Kerala Cyber Warriors that is targeting web sites, encrypting their files, and then demanding a ransom payment to get the files back.