Hundreds of GitHub accounts were accessed using credentials stolen in the VS Code GlassWorm campaign.
The post ForceMemo: Python Repositories Compromised in GlassWorm Aftermath appeared first on SecurityWeek.
ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers
Three different ClickFix campaigns have been found to act as a delivery vector for the deployment of a macOS information stealer called MacSync.
“Unlike traditional exploit-based attacks, this method relies entirely on user interaction – usually in the form of copying and executing commands – making it particularly effective against users who may not appreciate the implications of running
“Unlike traditional exploit-based attacks, this method relies entirely on user interaction – usually in the form of copying and executing commands – making it particularly effective against users who may not appreciate the implications of running
DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage
Ukrainian entities have emerged as the target of a new campaign likely orchestrated by threat actors linked to Russia, according to a report from S2 Grupo’s LAB52 threat intelligence team.
The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted by Laundry Bear (aka UAC-0190 or Void Blizzard) aimed at Ukrainian defense forces with a malware
The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted by Laundry Bear (aka UAC-0190 or Void Blizzard) aimed at Ukrainian defense forces with a malware
Hacking Attempt Reported at Poland’s Nuclear Research Center
Initial evidence indicates Iran may be behind the attack, but officials admitted it could be a false flag.
The post Hacking Attempt Reported at Poland’s Nuclear Research Center appeared first on SecurityWeek.
Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse
Google is testing a new security feature as part of Android Advanced Protection Mode (AAPM) that prevents certain kinds of apps from using the accessibility services API.
The change, incorporated in Android 17 Beta 2, was first reported by Android Authority last week.
AAPM was introduced by Google in Android 16, released last year. When enabled, it causes the device to enter a heightened
The change, incorporated in Android 17 Beta 2, was first reported by Android Authority last week.
AAPM was introduced by Google in Android 16, released last year. When enabled, it causes the device to enter a heightened
OpenAI says ChatGPT ads are not rolling out globally for now
OpenAI told BleepingComputer that ChatGPT ads on Free and Go plans are not yet rolling out outside the United States, even though some users noticed references to ads in the updated privacy policy. […]
Betterleaks, a new open-source secrets scanner to replace Gitleaks
A new open-source tool called Betterleaks can scan directories, files, and git repositories and identify valid secrets using default or customized rules. […]
Loblaw Data Breach Impacts Customer Information
Personal information such as names, email addresses, and phone numbers was accessed by hackers.
The post Loblaw Data Breach Impacts Customer Information appeared first on SecurityWeek.
Microsoft releases Windows 11 OOB hotpatch to fix RRAS RCE flaw
Microsoft has released an out-of-band (OOB) update to fix a security vulnerabilities affecting Windows 11 Enterprise devices that receive hotpatch updates instead of the regular Patch Tuesday cumulative updates. […]
OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration
China’s National Computer Network Emergency Response Technical Team (CNCERT) has issued a warning about the security stemming from the use of OpenClaw (formerly Clawdbot and Moltbot), an open-source and self-hosted autonomous artificial intelligence (AI) agent.
In a post shared on WeChat, CNCERT noted that the platform’s “inherently weak default security configurations,” coupled with its
In a post shared on WeChat, CNCERT noted that the platform’s “inherently weak default security configurations,” coupled with its