Researchers have identified 16 malicious browser extensions targeting Google Chrome and Microsoft Edge users. These extensions are designed to steal ChatGPT session tokens, granting attackers unauthorized access to users' accounts.

A malicious VSCode extension, "ClawdBot Agent - AI Coding Assistant," was identified on the official Extension Marketplace. This extension, posing as a free AI coding assistant for Moltbot, stealthily deploys malware on compromised systems.

A new Android spyware campaign, identified as GhostChat, is targeting individuals in Pakistan using romance scam tactics. The spyware is disguised as a chat service app that routes conversations through WhatsApp.

CISA has added several critical vulnerabilities to its Known Exploited Vulnerabilities catalog. These vulnerabilities affect Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and the Linux Kernel.

A critical vulnerability in Grist-Core's Pyodide WebAssembly sandbox allows remote code execution (RCE) through malicious spreadsheet formulas. This flaw, with a CVSS score of 9.1, has been patched.

A critical vulnerability, CVE-2026-22709, has been identified in the vm2 Node.js sandbox library, which allows attackers to escape the sandbox and execute arbitrary code on the host system.

Microsoft has released an emergency update to address a critical 0-day bugaffecting Microsoft Office 2016–2024 and Microsoft 365 Apps. This bug is actively exploited in the wild and allows attackers to bypass security features.

A significant identity-theft campaign is actively targeting Okta Single Sign-On (SSO) accounts across over 100 high-value enterprises. The campaign is orchestrated by the SLSH cybercriminal group.

The Linux Kernel has a critical integer overflow vulnerability, identified as CVE-2018-14634, which can be exploited by an unprivileged local user to escalate privileges on the system.

Badbox 2.0 is a China-based botnet that has infected over ten million Android streaming devices. It is known for engaging in advertising fraud and compromising devices through pre-installed malware or malicious apps from unofficial marketplaces.