AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

Google Zero-Day Alert For 3.5 Billion Chrome Users—Attacks Underway

Google has confirmed an emergency Chrome security update amid reports that attackers are exploiting two zero-day vulnerabilities.
InfoWorld

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...

This Chrome extension alerts you when other extensions get hijacked

"Under New Management" keeps an eye on the Chrome Web Store, looking for new developer names that show up when extensions are sold off.

Popular Chrome extension "Save Image as Type" was hijacked, impacting over 1 million users

Google delisted the image conversion tool earlier this month, but not before it had likely been modifying thousands of users' ...
The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across developer systems.
Microsoft

Help on the line: How a Microsoft Teams support call led to compromise

Read the new Microsoft Cyberattack Series report to learn more about on how deception and trusted tools can enable ...
Opinion

One Furious Judge Just Laid Out Exactly How Trump and Bondi Are Wrecking the DOJ

Donald Trump’s Department of Justice faced one of its harshest judicial rebukes so far, at an explosive Monday hearing that laid bare the disturbing incompetence and contempt currently plaguing the ...
The Hacker News

Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS

Apple fixes WebKit CVE-2026-20643 in iOS 26.3.1, macOS 26.3.2 using background patches, reducing exploit risk.