The Hacker News

Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes

Researchers show GAN-trained phishing pages can trick Perplexity’s Comet AI browser in under four minutes, exposing a new AI-targeted attack surface.
CSOonline

New Arkanix stealer blends rapid Python harvesting with stealthier C++ payloads

The Arkanix infostealer combines LLM-assisted development with a malware-as-a-service model, using dual language implementations to maximize reach and establish persistence. A newly uncovered ...
ZDNet

Half of all cyberattacks start in your browser: 10 essential tips for staying safe

Browser activity is involved in nearly half of all cybersecurity incidents. Attack vectors include malicious links, credential-harvesting scripts, and content injection. Following these key best ...
TechRepublic

Fake CAPTCHA Scam Tricks Windows Users Into Installing Malware

A new social engineering campaign is abusing fake CAPTCHA verification pages to trick Windows users into launching StealC information-stealing malware. The attack relies on compromised websites that ...
Bleeping Computer

CTM360: Lumma Stealer and Ninja Browser malware campaign abusing Google Groups

CTM360 reports that more than 4,000 malicious Google Groups and 3,500 Google-hosted URLs are being used in an active malware campaign targeting global organizations. The attackers abuse Google’s ...
Lifehacker

Your Browser's Extensions May Be Reading Your Passwords

Jake Peterson is Lifehacker’s Tech Editor, and has been covering tech news and how-tos for nearly a decade. His team covers all things technology, including AI, smartphones, computers, game consoles, ...
Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

In January 2026, Microsoft Defender Experts identified a new evolution in the ongoing ClickFix campaign. This updated tactic deliberately crashes victims’ browsers and then attempts to lure users into ...
AppleInsider

Infostealer malware database exposes millions of iCloud and email passwords

A publicly accessible database containing more than 149 million usernames and passwords was discovered, and before it was taken offline, it included logins from 900,000 iCloud users. The database ...
TechRepublic

Data Leak Exposes 149M Logins, Including Gmail, Facebook

Jeremiah Fowler, a veteran security researcher, recently stumbled upon 149,404,754 unique logins and passwords, totaling about 96GB of raw data. There was no encryption… and it didn’t even have a ...
PC Magazine

1Password Adds a Second Line of Phishing Defense to Its Browser Extension

Password-manager service 1Password won’t let you get past the paste command if it spots a phishing-scam site in your browser. This addition to the firm’s browser extension provides a software fix for ...
Fox News

Malicious Chrome extensions caught stealing sensitive data

Chrome extensions are supposed to make your browser more useful, but they've quietly become one of the easiest ways for attackers to spy on what you do online. Security researchers recently uncovered ...
PC World

Zoom users, beware: These browser extensions are spying on you

PCWorld reports that 18 malicious browser extensions linked to Chinese hacker group DarkSpectre are stealing sensitive Zoom meeting data from users. These dangerous extensions have been downloaded 2.2 ...