Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into ...
The Hacker News

New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released

Google fixes actively exploited Chrome zero-day CVE-2026-2441, a high-severity CSS use-after-free flaw enabling sandboxed remote code execution.
Decrypt

$3.85 Million in Ethereum From Mixin Network Hack Sent to Tornado Cash

A wallet linked to the $200 million exploit of Mixin in 2023 woke after nearly two years and moved funds to coin mixer ...

North Korean job scammers target JavaScript and Python developers with fake interview tasks spreading malware

Operation Dream Job is evolving once again, and now comes through malicious dependencies on bare-bones projects.
SecurityWeek

Over 300 Malicious Chrome Extensions Caught Leaking or Stealing User Data

More than 300 Chrome extensions were found to be leaking browser data, spying on users, or stealing user information.