Dark Reading

Attackers Use New Tool to Scan for React2Shell Exposure

Researchers say threat actors used the sophisticated — and unfortunately named — toolkit to target high-value networks for ...

Fake CAPTCHA pages are tricking users into installing malware

The hackers use fake CAPTCHA pages—which are designed to mimic standard security checks—to trick users into installing malicious software (“Stealthy StealC Information Stealer”) via keyboard commands.
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
Dark Reading

Supply Chain Attack Secretly Installs OpenClaw for Cline Users

The malicious version of Cline's npm package — 2.3.0 — was downloaded more than 4,000 times before it was removed.
The Hacker News

From Exposure to Exploitation: How AI Collapses Your Response Window

AI compresses cyberattack timelines—32% of flaws exploited day-zero, phishing up 1,265%, forcing shift to CTEM defense models.