Bad CAPTCHA in the wild tricks Mac users into installing malware through Terminal

Hackers have a new tool called ClickFix. The new attack vector combines fake human-verification prompts with malware, trying to trick users into running Terminal commands that bypass macOS security.
XDA Developers on MSN

Google kept featuring this Chrome extension for months after it turned malicious

How can an extension change hands with no oversight?

AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.
The Hacker News

DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage

DRILLAPP JavaScript backdoor targets Ukraine in Feb 2026, abusing Edge debugging features to spy via camera, microphone, and ...
InfoWorld

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...

Critical Chrome Security Flaws Threaten Billions of Users Worldwide

Google patches two actively exploited Chrome vulnerabilities that could allow attackers to crash browsers or run malicious ...
CSO Online

ClickFix techniques evolve in new infostealer campaigns

Recent social engineering schemes involving WordPress and Microsoft’s Windows Terminal show that this relatively basic tactic ...
Cinema Blend

Amazon MGM's Voltron Movie: What We Know So Far About The Sci-Fi Film, Including A New Release Window

Fans, like me, have been waiting to see a live-action Voltron movie become a reality for... well, forever, it seems like. It looks like we'll be waiting a little bit longer than I hoped, but we do ...