Dark Reading

260K+ Chrome Users Duped by Fake AI Browser Extensions

The Chrome Web Store has been infested with dozens of malicious browser extensions claiming to provide AI assistant functionality but that secretly are siphoning off personal information from victims.

New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns.

Why LLMs are plateauing – and what that means for software security

Despite rapid generation of functional code, LLMs are introducing critical, compounding security flaws, posing serious risks for developers.
InfoWorld

Five MCP servers to rule the cloud

The hyperscalers were quick to support AI agents and the Model Context Protocol. Use these official MCP servers from the major cloud providers to automate your cloud operations.

Fake CAPTCHA Scam Tricks Windows Users Into Installing Malware

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more.
The Hacker News

New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft

ZeroDayRAT is a cross-platform mobile spyware sold on Telegram that enables live surveillance, OTP theft, and financial data theft on infected devices ...

The best hosted endpoint security software of 2026: Expert tested

Endpoint protection and response platforms cover everything from AI-powered ransomware detection to insider risk monitoring.