ClickFix campaigns spread MacSync macOS infostealer via malicious Terminal commands since Nov 2025, targeting AI tool users ...

The Arkanix infostealer combines LLM-assisted development with a malware-as-a-service model, using dual language implementations to maximize reach and establish persistence. A newly uncovered ...

Distributed through over 100 GitHub repositories, the BoryptGrab stealer targets browser, wallet, system, and other user data ...

Researchers show GAN-trained phishing pages can trick Perplexity’s Comet AI browser in under four minutes, exposing a new AI-targeted attack surface.

Chrome users have been warned that an tool claiming to search the screen with Google Lens was, in fact, a credential stealer. What you need to know.

Browser activity is involved in nearly half of all cybersecurity incidents. Attack vectors include malicious links, credential-harvesting scripts, and content injection. Following these key best ...

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

I’ve used Bitwarden for years, and for a long time I felt pretty good about that decision. I wasn’t reusing passwords, I had strong, unique logins everywhere, and I wasn’t relying on my browser to ...

Zenity researchers uncovered PleaseFix, a zero-click indirect prompt injection flaw in Comet browser Malicious calendar invites could trick the AI into exfiltrating ...