CSO Online

OAuth vulnerability in n8n automation platform could lead to system compromise

A weakness in the configuration of OAuth credentials opens up a stored XSS vulnerability in the n8n automation platform, ...

NCERT Warns Pakistan’s Mission-Critical Govt Apps Are Easy Targets for Hackers

The National Computer Emergency Response Team has issued a new advisory warning about persistent application security weaknesses that continue to expose ...

This fake Google security check can steal your passwords. Here’s how to stay safe

A new phishing campaign is impersonating Google’s account security checks to trick users into installing a malicious web app ...
The Hacker News

Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer

Microsoft reveals ClickFix campaign abusing Windows Terminal to deliver Lumma Stealer and steal browser credentials.

Google uncovers iOS exploit kit used in crypto phishing attacks

The Google Threat Intelligence Group says it found an iPhone exploit kit that could crack the device and sniff out crypto wallets, apps and seed phrases to steal funds.
PCMag

Phony Claude Code Install Guides Trick Vibe Coders Into Installing Malware

Dubbed InstallFix by Push Security, the scheme inserts instructions to download malware during the Claude Code install process on cloned websites.