Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
Microsoft

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with ...
Hackaday

This Week In Security: Getting Back Up To Speed

Over the course of nearly 300 posts, Jonathan Bennett set a very high bar for this column, so we knew it needed to be placed in the hands of somebody who could do it justice.
CSO Online

Your personal OpenClaw agent may also be taking orders from malicious websites

A critical OpenClaw flaw allowed malicious websites to connect to locally running agents, brute-force passwords without ...
Control Global

Smart data dependency

Smart, as its name implies, requires lots of data from a range of sources and types. For example, smart cities require data ...
Opinion
Foreign AffairsOpinion

Will China Overplay Its Hand?

At the end of this month, U.S. President Donald Trump is scheduled to visit China for a major summit with Chinese leader Xi Jinping, the first of what may be as many as four meetings between the two ...

Google uncovers iPhone exploit kit targeting crypto wallet seed phrases

Security researchers have uncovered a hacking toolkit designed to compromise Apple iPhones and steal cryptocurrency wallet ...
CPO Magazine

Security Research Finds OpenClaw AI Agent “Trivially Vulnerable” to Hijacking

The Oasis researchers document a vulnerability chain that can be initiated from any website the AI agent (or its user) visits ...
Foreign Affairs

China’s AI Arsenal

At China’s Victory Day parade in September 2025, it was not the marching troops or rolling tanks that made headlines, but the next-generation weapons systems on display. Uncrewed ground vehicles, ...