The Next Web

Agentjacking: a fake bug report can hijack your AI coding agent

Tenet Security's 'Agentjacking' attack turns a fake Sentry error into code running on developer machines. It hijacked Claude Code, Cursor & Codex.

Warning Issued As Fake Claude Code Installer Attacks Confirmed

A fake Claude code installer can successfully exfiltrate decrypted cookies, passwords and payment methods from Chromium browsers. Here's how.
Dark Reading

'InstallFix' Attacks Spread Fake Claude Code Sites

A new variation of the ClickFix technique is capitalizing on the popularity of Anthropic's Claude Code and other AI coding tools. Researchers at Push Security discovered the threat campaign, which ...
来自MSN

Fake Claude Code & OpenClaw AI tools delivering data-stealing malware to developers

AI-powered coding assistants have changed how developers work. However, in the field of cybersecurity, they have also created a new playground for bad actors. Recent reports indicate that hackers are ...
InfoWorld

More fake extensions linked to GlassWorm found in Open VSX code marketplace

The threat actor seeding the Open VSX code marketplace with fraudulent extensions that download the GlassWorm malware has uploaded 73 more impersonated links, as its attempt to infect software supply ...
The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

Quishing Surges 146% in Q1 2026 as Attackers Hide Behind the Code

QR code phishing is becoming hard to ignore as attacks grow rapidly. In the first quarter of 2026 alone, "quishing" ...
Bleeping Computer

Fake Google Security site uses PWA app to steal credentials, MFA codes

A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker ...