WinBuzzer

GhostClaw Fake OpenClaw Installer Steals macOS Dev Credentials

JFrog has uncovered GhostClaw, a fake OpenClaw npm package that stole Keychain passwords, cloud credentials, and crypto wallets from 178 macOS developers.

Vibe Coding Has A Massive Security Problem

Vibe coding apps ship with alarming security flaws. What founders need to know about AI-generated code vulnerabilities in ...
CNET

I Get My Password Manager for Free. Here’s How You Can Get One That's Cheap or Free

I use 1Password, and I don’t pay for it. The company provides complimentary accounts to journalists, not for us to evaluate the product and write about it, but as part of a program aimed at helping ...
The Hacker News

ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More

ThreatsDay roundup covering stealthy attacks, phishing trends, exploit chains, and rising security risks across the threat landscape.

New ‘Perseus’ Android malware checks user notes for secrets

A new Android malware called Perseus is checking user-curated notes to steal sensitive information, like passwords, recovery ...