macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets

A ClickFix campaign targeting macOS users delivers an AppleScript-based infostealer that collects credentials and live ...
The Hacker News

Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution

Antigravity Strict Mode bypass disclosed Jan 7, 2026, patched Feb 28, enables arbitrary code execution via fd -X flag.
DataBreachToday

A Token Flaw Turned Azure's AI Agent Into a Spy

A misconfiguration in Microsoft's Azure SRE Agent may have allowed any Azure account holder from any company to tap into ...
Infosecurity Magazine

Attackers Exploit DVR Command Injection Flaw to Deploy Mirai-Based Botnet

FortiGuard Labs has identified a Mirai-based Nexcorium campaign actively exploiting CVE-2024-3721 in TBK DVR devices ...
XDA Developers on MSN

I connected Claude to my terminal, and now it does things I used to script by hand

Claude replaced my entire scripting workflow ...

Salesforce launches Headless 360 to turn its entire platform into infrastructure for AI agents

Salesforce launched Headless 360 at TDX, opening its CRM platform to AI agents through APIs, MCP tools and CLI commands in a ...
Microsoft

Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise

The Microsoft Defender Security Research Team uncovered a sophisticated macOS intrusion campaign attributed to the North ...
The Hacker News

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks

PHANTOMPULSE spreads via Obsidian plugin abuse in REF6598 campaign, targeting finance and crypto users, bypassing AV controls ...