The Hacker News

ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services

ClickFix uses fake CAPTCHAs and a signed Microsoft App-V script to deploy Amatera stealer on enterprise Windows systems.
GitHub

MatthieuLepers/mcd-save-editor

💡 Optimize asset handling 🚀 Fast HMR for renderer processes 🔥 Hot reloading for main process and preload scripts 🔌 Easy to debug 🔒 Compile to v8 ...

New ClickFix attacks abuse Windows App-V scripts to push malware

A new malicious campaign mixes the ClickFix method with fake CAPTCHA and a signed Microsoft Application Virtualization (App-V ...
The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...
PCMag

Using Browser Extensions to Translate or Download Videos? Better Check They're Not One of These 17 Malicious Add-Ons

The most popular malicious extension, dubbed Google Translate in Right Click, was downloaded more than 500,000 times from app ...
vg247

Steal The Brainrot Fortnite codes for January 2026

26th January 2026: We added new Steal The Brainrot codes. If you've played another astoundingly popular Brainrot game bearing a similar title, you'll probably feel right at home playing Fortnite ...
Microsoft

From runtime risk to real‑time defense: Securing AI agents

Why securing AI agents at runtime is essential as attackers find new ways to exploit generative orchestration.

Malicious AI extensions on VSCode Marketplace steal developer data

Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers.