Chrome Extension Hijacked to Deliver Malware, Steal Crypto Wallets

A compromised Chrome extension with 7,000 users was updated to deploy malware, strip security headers, and steal cryptocurrency wallet seed phrases.

Until last month, attackers could've stolen info from Perplexity Comet users just by sending a calendar invite

If you wanted to steal local files from someone using Perplexity's Comet browser, until last month you could just schedule ...
eWeek

OpenAI Scoops DoW Deal After Claude's Big Crash

In a 48-hour whirlwind, President Trump ordered every federal agency to ditch Anthropic's Claude chatbot, with Defense ...
Cybernews

Next.js turf war heating up: Cloudflare’s vibe-coded gambit humbled by critical security bugs

Cloudflare’s experimental AI-built Next.js alternative, vinext, has been released with critical security flaws, escalating a ...
Lincoln Journal Star

From A to Z: Your guide to the Nebraska girls state basketball tournament

From assists to zone defenses, here’s your A-to-Z guide to the girls state basketball tournament. Streaks, sisters, ...
Dark Reading

Bug in Google's Gemini AI Panel Opens Door to Hijacking

Attackers could have exploited the vulnerability to escalate privileges, violate user privacy while browsing, and access ...

ClawJacked attack let malicious websites hijack OpenClaw to steal data

Security researchers have disclosed a high-severity vulnerability dubbed "ClawJacked" in the popular AI agent OpenClaw that ...
The Hacker News

Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement

Research reveals 2,863 public Google API keys can access Gemini endpoints, enabling data exposure and massive billing abuse.
CSO Online

Your personal OpenClaw agent may also be taking orders from malicious websites

A critical OpenClaw flaw allowed malicious websites to connect to locally running agents, brute-force passwords without ...
The Hacker News

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

While the Windows maker did not attribute the activity to a specific threat actor, the use of VS Code tasks and Vercel ...

Anthropic acquires AI startup Vercept to enhance Claude’s computer use features

Vercept’s first investor was a Seattle-based startup incubator called AI2 Incubator. The organization started out as a unit ...

Someone built an x86 CPU emulator using pure CSS, for science

The recently unveiled x86CSS project aims to emulate an x86 processor within a web browser. Unlike many other web-based ...