Fake Google Security site uses PWA app to steal credentials, MFA codes

A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time ...
The Hacker News

Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor

A fake Go module posing as golang.org/x/crypto captures terminal passwords, installs SSH persistence, and delivers the ...

LLMs can unmask pseudonymous users at scale with surprising accuracy

If LLMs’ success in deanonymizing people improves, the researchers warn, governments could use the techniques to unmask ...
Nieman Journalism Lab

Why “magic links” and passcodes are taking over news logins

"This is really useful for small publishers who have no business wanting to store a whole bunch of random passwords." ...

Alabama man pleads guilty to hacking, extorting hundreds of women

A 22-year-old Alabama man pleaded guilty to extortion, cyberstalking, and computer fraud charges after hijacking the social ...
SecurityWeek

OpenClaw Vulnerability Allowed Websites to Hijack AI Agents

An OpenClaw vulnerability allowed malicious websites to take over AI agents, exposing sensitive information and enabling data ...

This high-severity Chrome Gemini vulnerability lets malicious extensions spy on your PC

A bug in Google Chrome's Gemini AI feature could expose your data or allow attackers to monitor you. Here's how to stay ...
Google Glass Almanac

How North Korean hackers are exploiting blockchain to target crypto users

What makes this campaign so striking is not just the malware, but where it is being stored. By shifting malicious code into ...