Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks

A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and ...
Opinion
HackadayOpinion

This Week In Security: Messing With AI, 7Zip And Notepad++ Vulnerabilities, HTTP2 Bomb, And More

With the rise of AI coding assistants continuing apparently unabated, some project maintainers have begun striking back. Ars Technica reports on projects putting hostile directions into the ...
The Hacker News

ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories

Weekly ThreatsDay recap: old bugs, fake tools, shady payload tricks, AI mishaps, and the usual reminder that the internet is ...
MIT Technology Review

The Meta hack shows there’s more to AI security than Mythos

Gong and other scholars have been issuing warnings about the security vulnerabilities of AI agents for a while. They publish ...

WordPress malware campaign hides payloads in Steam profiles

Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data.
SecurityWeek

Gemini Voice Assistant Hijacked via Messaging Notifications

A vulnerability in Google’s Gemini voice assistant that could have allowed attackers to hijack the AI using messaging ...
SecurityWeek

Mirasvit Vulnerability Exploited to Execute Code on Magento Servers

Hackers are exploiting a critical vulnerability in Mirasvit Full Page Cache Warmer to execute code remotely on Magento ...
Android

Instagram Users Still Getting Hacked After Meta’s Promised AI Bot Exploit Fix

Despite official claims that a critical Meta AI support chatbot vulnerability had been resolved, reports confirm that hackers are still actively hijacking Instagram accounts. High-profile victims, ...
PCMag on MSN

OpenAI Rolls Out Lockdown Mode to Fight Prompt Injection Attacks

The new feature promises increased protection against these types of attacks, but you'll have to sacrifice a lot of functionality, including live web browsing and image retrieval from the web.