Security

Google Introduces Merkle Tree Certificates to Support Quantum Resistant HTTPS in Chrome

Google has unveiled a new initiative within its Chrome browser aimed at strengthening HTTPS security against the long term threat of quantum computing. The move represents a significant step toward building a quantum-resistant internet without sacrificing speed or scalability. In a statement from the Chrome Secure Web and Networking Team, Google clarified that it does […]

Google Introduces Merkle Tree Certificates to Support Quantum Resistant HTTPS in Chrome Read More »

Apple Tests End to End Encrypted RCS Messaging in iOS 26.4 Developer Beta

Apple has rolled out a new developer beta of iOS and iPadOS that introduces end-to-end encryption, E2EE, for Rich Communication Services (RCS) messaging. The capability is currently available in iOS 26.4 and iPadOS 26.4 beta builds and is expected to reach general users in a future software release across iOS, iPadOS, macOS, and watchOS. In its

Apple Tests End to End Encrypted RCS Messaging in iOS 26.4 Developer Beta Read More »

Microsoft Warns of Python Infostealers Targeting macOS Through Fake Ads and Installers

Microsoft has issued a warning that information stealing malware campaigns are rapidly expanding beyond Windows systems and increasingly targeting Apple macOS environments. According to the company, attackers are using cross platform programming languages such as Python and abusing trusted advertising and software distribution platforms to scale these attacks. Researchers from the Microsoft Defender Security Research

Microsoft Warns of Python Infostealers Targeting macOS Through Fake Ads and Installers Read More »

Docker Patches Critical Ask Gordon AI Vulnerability Allowing Code Execution via Image Metadata

Cybersecurity researchers have revealed a serious vulnerability affecting Ask Gordon, the AI assistant integrated into Docker Desktop and Docker CLI, that could allow attackers to execute code and steal sensitive information. The flaw, dubbed DockerDash by Noma Labs, was fixed in Docker version 4.50.0 released in November 2025. How DockerDash Works According to Sasi Levi, lead security researcher

Docker Patches Critical Ask Gordon AI Vulnerability Allowing Code Execution via Image Metadata Read More »

Researchers Discover 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users

A recent security audit of ClawHub, the marketplace for OpenClaw skills, has uncovered 341 malicious skills among 2,857 reviewed entries, revealing new supply chain threats for OpenClaw users. The analysis was conducted by Koi Security with the assistance of an OpenClaw bot named Alex. ClawHub is designed to help OpenClaw users discover and install third-party

Researchers Discover 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users Read More »

OpenClaw Vulnerability Enables One Click Remote Code Execution Through Malicious Link

A critical security vulnerability has been identified in OpenClaw, previously known as Clawdbot and Moltbot, that enables attackers to Customer Cabinetachieve remote code execution by tricking users into clicking a specially crafted link. The flaw has been assigned CVE-2026-25253 and carries a high CVSS score of 8.8. The issue was resolved in OpenClaw version 2026.1.29,

OpenClaw Vulnerability Enables One Click Remote Code Execution Through Malicious Link Read More »

Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users

The official update infrastructure of Notepad++ was compromised in a highly targeted cyber operation, resulting in malware being delivered to select users. The project’s lead developer, Don Ho, confirmed that the incident was caused by a hosting level breach rather than a flaw in the Notepad++ source code itself. According to Ho, attackers gained control

Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users Read More »

Open VSX Supply Chain Attack Used a Compromised Developer Account to Spread GlassWorm

Cybersecurity researchers have uncovered a supply chain attack targeting the Open VSX Registry, where unknown threat actors compromised a legitimate developer account to distribute malicious updates through trusted extensions. According to Socket security researcher Kirill Boychenko, on January 30, 2026, four well established Open VSX extensions published by a developer identified as “oorzc” were updated

Open VSX Supply Chain Attack Used a Compromised Developer Account to Spread GlassWorm Read More »

Fake Moltbot AI Coding Assistant on VS Code Marketplace Distributes Malware

Cybersecurity researchers have uncovered a malicious Visual Studio Code extension that impersonated Moltbot, previously known as Clawdbot, and secretly installed malware on developer systems. The fake extension was distributed through Microsoft’s official VS Code Marketplace and falsely advertised itself as a free AI powered coding assistant. The extension, listed as “ClawdBot Agent, AI Coding Assistant” with the

Fake Moltbot AI Coding Assistant on VS Code Marketplace Distributes Malware Read More »

Russian ELECTRUM Linked to December 2025 Cyber Attack on Polish Power Grid

A coordinated cyber attack that struck multiple locations across the Polish power grid in late December 2025 has been attributed, with medium confidence, to a Russian state sponsored threat group known as ELECTRUM. Operational technology security firm Dragos revealed the findings in a newly published intelligence brief, describing the incident as the first large scale cyber attack focused on distributed energy

Russian ELECTRUM Linked to December 2025 Cyber Attack on Polish Power Grid Read More »