The Hacker News

Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware

Four rogue NuGet packages and one npm package stole ASP.NET Identity data, deployed C2 backdoors, and reached over 50,000 ...
The Hacker News

Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets

While some of the campaigns have been found to leverage the technique to deliver malware, others send users to pages hosted on phishing frameworks such as EvilProxy, which act as an ...

Until last month, attackers could've stolen info from Perplexity Comet users just by sending a calendar invite

AI browsing agent left local files open for the taking If you wanted to steal local files from someone using Perplexity's ...
The Guardian Nigeria

Telegram crypto games: How bots and mini-apps changed gaming

Telegram crypto games are expanding through bots, mini-apps and TON-based payments, reshaping distribution and digital ...

Builderius WordPress Page Builder Integrates Claude AI

Builderius page builder announced an experimental AI integration that can read and apply changes directly inside the builder.

Here's which Austin-area schools opted in to the state's voucher program

Dozens of campuses in Austin and hundreds across Texas have opted into the state's new Education Freedom Accounts program.
CSO Online

Your personal OpenClaw agent may also be taking orders from malicious websites

A critical OpenClaw flaw allowed malicious websites to connect to locally running agents, brute-force passwords without ...
Visual Studio Magazine

VS Code v1.110 Insiders: AI Agents Gain Native Browser Access and Global Instructions

The VS Code 1.110 cycle is putting more 'hands-on' capabilities into chat, led by native browser integration that lets AI agents interact with page elements, capture screenshots, and pull real-time ...

Phish of the day: Microsoft OAuth scams abuse redirects for malware delivery

Crims hope for payday from malicious payloads rather than stealing access tokens Microsoft has warned organizations about ...
The Register-Herald

FBI serves search warrants at Los Angeles school district headquarters and superintendent’s home

The FBI is serving search warrants at the Los Angeles Unified School District’s headquarters and the superintendent’s home.
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users from legitimate sign‑in pages to attacker‑controlled infrastructure.