CSO Online

Your personal OpenClaw agent may also be taking orders from malicious websites

A critical OpenClaw flaw allowed malicious websites to connect to locally running agents, brute-force passwords without ...

Until last month, attackers could've stolen info from Perplexity Comet users just by sending a calendar invite

AI browsing agent left local files open for the taking If you wanted to steal local files from someone using Perplexity's ...
The Hacker News

Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware

Four rogue NuGet packages and one npm package stole ASP.NET Identity data, deployed C2 backdoors, and reached over 50,000 ...

Authorities Warn “Harmless-Looking” Packages Could Contain Dangerous Materials and Here’s What to Watch for

You should treat any unexpected package with caution, even if it looks innocent. Dangerous substances and malicious content increasingly come disguised in candy bags, toy boxes, souvenir items, and ...
Microsoft

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with ...
Visual Studio Magazine

VS Code v1.110 Insiders: AI Agents Gain Native Browser Access and Global Instructions

The VS Code 1.110 cycle is putting more 'hands-on' capabilities into chat, led by native browser integration that lets AI agents interact with page elements, capture screenshots, and pull real-time ...
The Hacker News

ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket

OpenClaw patches ClawJacked flaw, log poisoning bug, and multiple CVEs as 71 malicious ClawHub skills spread malware and crypto scams.

Builderius WordPress Page Builder Integrates Claude AI

Builderius page builder announced an experimental AI integration that can read and apply changes directly inside the builder.

Wikipedia hit by self-propagating JavaScript worm that vandalized pages

The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages ...

DOJ to release nearly 50K removed Epstein files after review

The Justice Department says it has not permanently removed Jeffrey Epstein files, but took some down to redact sensitive information.

The U.S. Released the Epstein Files. The Arrests Are Overseas.

While the latest tranche of documents about the sex offender Jeffrey Epstein has exposed a deeply American scandal, it is ...

Justice Dept. employee charged in child pornography case

Timothy Parsons, a legal staffer at the U.S. Attorney's Office in Washington, D.C., is facing federal criminal charges in Maryland, where he lives, three sources said.