The Hacker News

Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites

Researchers found an indirect prompt injection flaw in Google Gemini that bypassed Calendar privacy controls and exposed ...
The Hacker News

⚡ Weekly Recap: Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More

Weekly cybersecurity recap covering emerging threats, fast-moving attacks, critical flaws, and key security developments you ...

What’s a browser-in-browser attack? The key traits to know

This dirty hack can trick people into accidentally sharing sensitive info—like Facebook login credentials. Here’s how to ...

Fake ad blocker extension crashes the browser for ClickFix attacks

A malvertising campaign is using a fake ad-blocking Chrome and Edge extension named NexShield that intentionally crashes the ...

Sandworm hackers linked to failed wiper attack on Poland’s energy systems

A cyberattack targeting Poland's power grid in late December 2025 has been linked to the Russian state-sponsored hacking ...

New Windows Flaw Lets Attackers Bypass Mark of the Web

Microsoft patched a Windows Remote Assistance flaw that lets attackers bypass Mark of the Web, weakening protections against ...
CSO Online

CrashFix attack hijacks browser failures to deliver ModelRAT malware via fake Chrome extension

A malicious extension impersonating an ad blocker forces repeated browser crashes before pushing victims to run ...

Malicious Google Chrome extensions hijack accounts

Malicious Chrome extensions steal login data by impersonating Workday, NetSuite and SAP SuccessFactors platforms, ...

This 'Ad Blocker' Actually Initiates ClickFix Attacks

A malicious ad-blocking extension on Chrome and Edge known as NexShield is using the ClickFix attack to infect devices with a ...