North Korean job scammers target JavaScript and Python developers with fake interview tasks spreading malware

Operation Dream Job is evolving once again, and now comes through malicious dependencies on bare-bones projects.

Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into ...
SecurityWeek

Over 300 Malicious Chrome Extensions Caught Leaking or Stealing User Data

More than 300 Chrome extensions were found to be leaking browser data, spying on users, or stealing user information.
Computing

European Commission breached - investigating mobile hack

The European Commission is investigating a data breach after finding evidence of a cyberattack against its mobile ...

Critical n8n flaws disclosed along with public exploits

Multiple critical vulnerabilities in the popular n8n open-source workflow automation platform allow escaping the confines of the environment and taking complete control of the host server.
The Hacker News

OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link

A high-severity OpenClaw flaw allows one-click remote code execution via token theft and WebSocket hijacking; patched in v2026.1.29.
HackadayOpinion

How Vibe Coding Is Killing Open Source

Does vibe coding risk destroying the Open Source ecosystem? According to a pre-print paper by a number of high-profile ...
SecurityWeek

Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack

A compromised Open VSX publisher account was used to distribute malicious extensions in a new GlassWorm supply chain attack.
dlnews

A16z Crypto wants DeFi to ditch ‘code is law’ for ‘spec is law’ to combat $649m exploit problem

DeFi protocols must adopt a more principled approach to security to mature. They could use standardised specifications that constrain what a protocol is allowed to do. Many protocols are already ...