Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into ...

Fake AI Chrome extensions with 300K users steal credentials, emails

A set of 30 malicious Chrome extensions that have been installed by more than 300,000 users are masquerading as AI assistants to steal credentials, email content, and browsing information.
GitHub

A minimalist JavaScript user script loader and manager for modern browsers.

In order to use this extension, you need Chrome 120 or above, and developer mode enabled. You need to write the metadata as comments at the beginning of the script, refer to the example for the format ...
MacRumors

iOS 26 Adoption Hits 50%, But Some Users Are Still Reluctant to Update

iOS 26 adoption now hovers at around 50%, according to StatCounter, but some users are still cautious about updating. New data published by SellCell provides a look at how users have responded to the ...
The Hacker News

China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023

Cybersecurity researchers have discovered a JScript-based command-and-control (C2) framework called PeckBirdy that has been put to use by China-aligned APT actors since 2023 to target multiple ...