SecurityWeek

Vulnerability Allowed Hijacking Chrome’s Gemini Live AI Assistant

A Chrome vulnerability allowed malicious extensions to hijack the browser’s Gemini Live assistant to spy on users and ...

AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

Chrome Extension Hijacked to Deliver Malware, Steal Crypto Wallets

A compromised Chrome extension with 7,000 users was updated to deploy malware, strip security headers, and steal cryptocurrency wallet seed phrases.
Indiatimes

Wikipedia blacklists website that hijacked users’ computers to run hacking attack

English-language edition of Wikipedia has reportedly banned Archive.today website after the archive site was found to direct a Distributed Denial of Service (DDoS) attack against a blog. Wikipedia ...
CoinDesk

Bonk.fun hacked: Domain hijacked, crypto drainer planted

The operator, known as Tom, said only users who signed a fake terms-of-service message on the compromised site after the breach were affected.
PCMag Australia

Wikipedia Forced to Lock Down Edits Over JavaScript That Could Vandalize Pages

The nonprofit that oversees Wikipedia briefly enforced a 'read-only' mode on Thursday morning as users spotted code designed to replace articles with Russian text.

Bonk.fun users at risk after hackers hijack domain to deploy wallet drainer

Users of the Solana-based memecoin launchpad Bonk.fun were urged to avoid the platform’s website after attackers compromised ...

npmx package browser released as alpha to fix pain of using npmjs

Project initiated by Nuxt lead Daniel Roe attracts wide support thanks to multiple issues with the official interface A new ...
CPO Magazine

Security Research Finds OpenClaw AI Agent “Trivially Vulnerable” to Hijacking

The Oasis researchers document a vulnerability chain that can be initiated from any website the AI agent (or its user) visits ...

Until last month, attackers could've stolen info from Perplexity Comet users just by sending a calendar invite

AI browsing agent left local files open for the taking If you wanted to steal local files from someone using Perplexity's ...
CoinTelegraph

‘ClickFix’ hackers pose as VCs, hijack QuickLens in latest crypto attacks

The ClickFix technique gained popularity among crypto hackers last year, but security researchers have been tracking it since 2024, with targets spanning several industries. Crypto hackers attempting ...