ConsentFix and ClickFix attacks steal Microsoft 365 tokens in seconds using fake prompts and OAuth flows. Learn how these MFA ...
A SimpleHelp authentication flaw is being exploited to deploy Djinn Stealer, a cross-platform malware targeting cloud, ...
LayerX found that BioShocking could trick AI browsers into leaking credentials by disguising malicious prompts as game rules.
Multiple weaponized proof-of-concept (PoC) exploits on GitHub delivered a Python-based remote access trojan (RAT) called ChocoPoC that can execute commands and steal sensitive data. However, ChocoPoC ...
Malicious npm packages mimicking Rollup polyfill tooling steal browser data, crypto wallets, and AI tool credentials in a Lazarus-linked campaign.
Chrome has been automatically downloading Gemini Nano (a 4GB AI model) to users' computers without notification or an easy way to prevent it. Alex Valdes from Bellevue, Washington has been pumping ...