Cybersecurity researchers have uncovered a campaign distributing malware through fake installers for OpenClaw, a popular AI agent platform. The attack leveraged both GitHub hosting and AI-generated search results to increase credibility and reach potential victims. Security analysts at Huntress discovered the operation after investigating an infected system. The user had searched for “OpenClaw Windows” using

Continue Reading

Google is developing a new technical approach designed to help keep secure websites protected as computing technology evolves. HTTPS is the security system that protects information sent between a user’s browser and a website. When you see the padlock icon in your browser’s address bar, it means that connection is encrypted, or scrambled, so outsiders

Continue Reading

New academic research reveals that a core Wi-Fi security feature relied upon by home, enterprise, and public networks can be bypassed in practice — even when modern encryption is enabled. The study, AirSnitch: Demystifying and Breaking Client Isolation in Wi-Fi Networks, shows that client isolation, a mechanism meant to prevent Wi-Fi users from attacking one

Continue Reading

Recent research by Check Point Research has uncovered critical vulnerabilities in Anthropic’s Claude Code, highlighting a growing and often overlooked risk in modern AI-powered development tools: configuration files that quietly cross the line from passive settings into active execution. The flaws allowed attackers to execute arbitrary commands and steal authenticated API keys simply by convincing

Continue Reading

Security researchers are increasingly warning that cyberattacks no longer rely on obvious malware or suspicious downloads. Instead, many modern campaigns succeed by blending into routine, trusted workflows, the everyday actions people perform at work without a second thought. Recent research highlights how effective this approach has become. Across very different attack scenarios, the same strategy

Continue Reading

Have I Been Pwned, a security service website, has added CarGurus to its data breach database, confirming that the automotive marketplace was impacted by a data leak affecting over 12 million accounts. According to Have I Been Pwned (HIBP), the breach occurred in February 2026 and is attributed to the extortion-focused threat actor ShinyHunters. After

Continue Reading

SolarWinds has released Serv-U 15.5.4 with patches for multiple critical vulnerabilities as well as feature parity improvements in File Share amongst other updates. Serv-U is commonly deployed in managed file transfer contexts, which often sit close to sensitive data paths and identity systems. Critical RCE conditions in that posture warrant high urgency—especially for internet-exposed instances.

Continue Reading

Mental health apps are increasingly handling data that looks a lot like medical records mood logs, CBT notes, medication schedules, and in some cases indicators of self-harm. And new research by mobile security firm Oversecured and reported by BleepingComputer suggests parts of this ecosystem still aren’t treating that information with the level of security it

Continue Reading