Until last month, attackers could've stolen info from Perplexity Comet users just by sending a calendar invite

AI browsing agent left local files open for the taking If you wanted to steal local files from someone using Perplexity's ...

Fake 'interview' repos lure Next.js devs into running secret-stealing malware

Come for the coding test, stay for the C2 traffic Next.js developers are once again in the crosshairs as hackers seed ...
SecurityWeek

Vulnerability Allowed Hijacking Chrome’s Gemini Live AI Assistant

A Chrome vulnerability allowed malicious extensions to hijack the browser’s Gemini Live assistant to spy on users and ...
InfoWorld

The browser is your database: Local-first comes of age

The thick client is making a comeback. Here’s how next-generation local databases like PGlite and RxDB are bringing ...

Princess Polly plans opening at this Central Florida mall

The Gen Z fashion retailer, Princess Polly, plans to open in August at The Mall at Millenia, which has added multiple brands ...
The Hacker News

Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware

Four rogue NuGet packages and one npm package stole ASP.NET Identity data, deployed C2 backdoors, and reached over 50,000 ...
SecurityWeek

OpenClaw Vulnerability Allowed Websites to Hijack AI Agents

An OpenClaw vulnerability allowed malicious websites to take over AI agents, exposing sensitive information and enabling data theft.

'SNL' takes on Iran attacks and Khamenei killing in cold open

"SNL" kicked off its latest episode with a timely cold open addressing the killing of Supreme Leader Ayatollah Ali Khamenei.

ClawJacked attack let malicious websites hijack OpenClaw to steal data

Security researchers have disclosed a high-severity vulnerability dubbed "ClawJacked" in the popular AI agent OpenClaw that allowed a malicious website to silently bruteforce access to a locally ...
Dark Reading

Critical OpenClaw Vulnerability Exposes AI Agent Risks

The now-patched flaw is the latest in a growing string of security issues with the viral AI tool, which has seen rapid adoption among developers.
The Hacker News

ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket

OpenClaw patches ClawJacked flaw, log poisoning bug, and multiple CVEs as 71 malicious ClawHub skills spread malware and ...
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...