Wikipedia hit by self-propagating JavaScript worm that vandalized pages

The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages ...

US says 'firepower over Iran to surge dramatically' as Israel bombards Beirut and Tehran

Meanwhile, President Donald Trump has told a White House event the US is striking Iranian drone and missile systems "every ...
PCMag UK

Wikipedia Forced to Lock Down Edits Over JavaScript That Could Vandalize Pages

The nonprofit that oversees Wikipedia briefly enforced a 'read-only' mode on Thursday morning as users spotted code designed ...
CPO Magazine

Security Research Finds OpenClaw AI Agent “Trivially Vulnerable” to Hijacking

The Oasis researchers document a vulnerability chain that can be initiated from any website the AI agent (or its user) visits ...

QuickLens Chrome extension steals crypto, shows ClickFix attack

A Chrome extension named "QuickLens - Search Screen with Google Lens" has been removed from the Chrome Web Store after it was ...
The Hacker News

New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel

Chrome CVE-2026-0628 let malicious extensions hijack Gemini panel for privilege escalation, local file access, and ...
Microsoft

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 ...

AI Agents Broke Your Security Stack. Here’s What Comes Next

Shreyans Mehta is the cofounder and CTO of Cequence Security, a pioneer of unified application and API protection.

More than 60 sick babies linked to toxic baby formula

The UK Health Security Agency has confirmed it is investigating more than 60 cases of babies falling ill after being fed ...
The Hacker News

Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement

Research reveals 2,863 public Google API keys can access Gemini endpoints, enabling data exposure and massive billing abuse.
Security Boulevard

N8N: Shared Credentials and Account Takeover

Executive Summary We identified a security weakness in n8n’s credential management layer that could have completely ...

Google uncovers iOS exploit kit used in crypto phishing attacks

The Google Threat Intelligence Group says it found an iPhone exploit kit that could crack the device and sniff out crypto wallets, apps and seed phrases to steal funds.