Fake Anthropic Sites Deliver Fileless Infostealer to Claude Code Users

Fake Anthropic websites are being used to target Claude Code users with a fileless infostealer campaign that steals browser credentials and evades detection...

MAL-2026-4345 Malicious code in eo-terminal (npm)

Part of a multi-package malicious campaign by npm author toskypi, eo-terminal is a fully-featured infostealer and remote access trojan RAT disguised as "terminal changelog logger utilities." The package README describes a completely different package terminal-logger-utils, indicating a...

Malicious code in eo-terminal (npm)

Part of a multi-package malicious campaign by npm author toskypi, eo-terminal is a fully-featured infostealer and remote access trojan RAT disguised as "terminal changelog logger utilities." The package README describes a completely different package terminal-logger-utils, indicating a...

Fake Claude Code Installer Targets Developers With Browser Credential Stealer

Researchers at Ontinue have discovered an undocumented malware campaign targeting developers with fake Claude Code installers to steal browser passwords and cookies...

ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories

Bad week. Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen logins getting dumped into Discord channels like it’s normal. Some of these attack chains don’t even feel sophisticated anymore. More like...

CVE-2026-43575 OpenClaw 2026.2.21 < 2026.4.10 - Authentication Bypass in Sandbox noVNC Helper Route

OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC helper route that exposes interactive browser session credentials. Attackers can access the noVNC helper route without bridge authentication to gain unauthorized access to the...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw from 2026.2.21 to 2026.4.10 contained security vulnerabilities. These vulnerabilities were due to a sandbox noVNC auxiliary routing mechanism that allowed authentication bypass, potentially...

PT-2026-38230

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.2.21 through 2026.4.9 Description An authentication bypass exists in the sandbox noVNC helper route, which exposes interactive browser session credentials. This allows attackers to access the noVNC helper route without...

New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials

Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEPDOOR that comes with capabilities to establish persistent access and harvest a wide range of sensitive information from compromised hosts. "The intrusion chain begins with execution of a batc...

Missing Authentication for Critical Function

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the sandbox noVNC helper route. An attacker can gain unauthorized access to interactive browser session credentials by bypassing bridge...

CVE-2026-20170

A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed this vulnerability in the Cisco Webex Contact Center service, and no customer action is needed. This...

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad. "It likely uses AI-assisted obfuscation and process injection to evade static scanning, while credential theft starts immediately and captur...

Malicious code in pyclogger (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b43b78466684583bb9a90ced072406566a033523e3b0d2b9032a4dae763ac84c Package contains an infostealer exfiltrating Discord tokens and saved browser credentials to a hardcoded location. --- Category: MALICIOUS - The campaign has...

MAL-2026-1099 Malicious code in pyclogger (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b43b78466684583bb9a90ced072406566a033523e3b0d2b9032a4dae763ac84c Package contains an infostealer exfiltrating Discord tokens and saved browser credentials to a hardcoded location. --- Category: MALICIOUS - The campaign has...

EUVD-2020-29871

Malware in sbrugna...

Microsoft Warns of StilachiRAT: A Stealthy RAT Targeting Credentials and Crypto Wallets

Microsoft is calling attention to a novel remote access trojan RAT named StilachiRAT that it said employs advanced techniques to sidestep detection and persist within target environments with an ultimate aim to steal sensitive data. The malware contains capabilities to "steal information from the...

Malicious code in ilovenyxx (PyPI)

The package acts as an infostealer, exfiltrating sensitive files and credentials from browser databases via Telegram...

Malicious code in ilovenyxxbait (PyPI)

The package acts as an infostealer, exfiltrating sensitive files and credentials from browser databases via Telegram...

SmokeLoader Malware Exploits MS Office Flaws to Steal Browser Credentials

SmokeLoader malware has resurfaced with enhanced capabilities and functionalities, targeting your personal data...

Cookie-Monster - BOF To Steal Browser Cookies & Credentials

Steal browser cookies for edge, chrome and firefox through a BOF or exe! Cookie-Monster will extract the WebKit master key, locate a browser process with a handle to the Cookies and Login Data files, copy the handles and then filelessly download the target. Once the Cookies/Login Data files are...