ClawJacked attack let malicious websites hijack OpenClaw to steal data

Security researchers have disclosed a high-severity vulnerability dubbed "ClawJacked" in the popular AI agent OpenClaw that allowed a malicious website to silently bruteforce access to a locally ...

Fake Google Security site uses PWA app to steal credentials, MFA codes

A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time ...

Anyone can code now. What will you build?

See how anyone can build a working app or website in minutes — no coding skills required.
Microsoft

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with ...