ClawJacked attack let malicious websites hijack OpenClaw to steal data

Security researchers have disclosed a high-severity vulnerability dubbed "ClawJacked" in the popular AI agent OpenClaw that allowed a malicious website to silently bruteforce access to a locally ...
IEEE

9274.1.1-2023 - IEEE Standard for Learning Technology--JavaScript Object Notation (JSON) Data Model Format and Representational State Transfer (RESTful) Web Service for Learner ...

Abstract: This standard is a collaborative effort to improve and standardize the 1.0.3 version Experience Application Programming Interface (xAPI) specification. This Standard describes a JavaScript ...
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
Bleeping Computer

Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into executing malicious JavaScript in their browser, allowing attackers to ...
GitHub

TabSearch Browser Hijacker and Adware Program

TabSearch does not serve an explicit legitimate purpose for end users. Instead, its design and behavior align with monetization through advertising and forced redirects. The program changes browser ...
Finextra

Software Bundling and Free Tools: Hidden Hijacker Risks in Financial Workstations

Financial institutions handle huge amounts of confidential data. They require strong security controls year-round. Installing free software may introduce bundled ...
Dark Reading

'ShadyPanda' Hackers Weaponize Millions of Browsers

A sophisticated malware operation has infected 4.3 million Chrome and Edge browser users via malicious browser extensions that masqueraded as legitimate tools for years before being weaponized. The ...
The Hacker News

ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware

A threat actor known as ShadyPanda has been linked to a seven-year-long browser extension campaign that has amassed over 4.3 million installations over time. Five of these extensions started off as ...
Computerworld

Enterprises should not install OpenAI’s new Atlas browser, analysts warn

The genAI browser from the company that created ChatGPT brings with it security concerns that could hinder widespread corporate adoption. Companies that might be eyeing OpenAI’s new ChatGPT Atlas ...
Dexerto

TwitchCon PC allegedly had malware installed that forced streamer to change all her passwords

Twitch streamer Lululuvely revealed that the PC she used to stream from TwitchCon had a ‘hijacker’ program installed before she used it, potentially compromising her accounts. TwitchCon is Twitch’s ...
IEEE

Hephaistos: A Data Flow Analysis Framework for Identifying Browser Fingerprinting Functions in JavaScript

Abstract: With the increasing sophistication of web technologies in recent years, browser fingerprinting techniques have emerged as a widely used mechanism for uniquely identifying users based on ...