ClickFix Phishing Campaign Hits Global Hotels with Malware
A new ClickFix phishing campaign is sweeping across the hospitality sector, infecting hotel networks with PureRAT malware. Security researchers have uncovered a large-scale campaign impersonating booking platforms like Booking.com and Expedia to compromise hotel administrators and guests alike. The operation leverages social engineering and malware-as-a-service tools, aiming to seize access to hotel extranets, harvest credentials, and conduct fraudulent financial activities.

GlassWorm Malware Returns on OpenVSX with New Extensions
The GlassWorm malware has resurfaced on the OpenVSX registry, signaling a new wave of supply-chain attacks against developers. Only weeks after its first takedown, researchers from Koi Security have discovered three fresh extensions distributing updated variants of the threat. The new malicious uploads (ai-driven-dev.ai-driven-dev, adhamu.history-in-sublime-merge, and yasuyuky.transient-emacs) collectively gathered over 9,000 downloads before their removal. These packages reuse the same

Are AI Browsers a Welcome Innovation or a Security Threat?
The next generation of web browsers doesn’t just open pages, it thinks, reads, and acts. AI browsers are emerging as intelligent companions designed to simplify online tasks, summarise information, and automate repetitive work. For many users, they represent the future of web navigation: effortless, conversational, and deeply personalised. But beneath this polished innovation lies an uncomfortable question. When the browser

Vibe-Coded Malware: Fake VS Code Extension Slips Past Review
A so-called vibe-coded malware incident has reignited concerns about Visual Studio Code’s marketplace security. Security researchers discovered an AI-generated test extension called “susvsex”, created by the publisher “suspublisher18.” Despite an honest description revealing its behavior, the extension was approved on November 5, 2025. It demonstrated data-exfiltration and encryption routines, clearly labeled as experimental, yet it still passed Microsoft’s automated review.

Gootloader Malware Returns Stronger with New Evasion Tricks
After a seven-month silence, Gootloader malware has made a striking return with an upgraded campaign that blends deception and technical precision. Security researchers report that the attackers now rely on fake legal template sites, advanced evasion tricks, and fresh persistence methods to slip past modern defenses. What once began as a simple loader has evolved into a refined infection chain

Miljödata Data Breach Exposes 1.5 Million Records in Sweden
A large-scale cyberattack has shaken Sweden after the Miljödata data breach exposed sensitive information belonging to about 1.5 million people. The incident, affecting a major municipal software supplier, has prompted national investigations by IMY and CERT-SE.
How the Breach Happened
Miljödata, one of Sweden’s most widely used IT suppliers for municipalities, revealed in late August 2025 that its systems had

SesameOp Exploits OpenAI Assistants API for Covert Control
Microsoft’s latest threat report has revealed a worrying trend: attackers are now using artificial-intelligence platforms as part of their command-and-control systems. The newly discovered SesameOp backdoor abuses the OpenAI Assistants API to hide its activity inside normal network traffic. Instead of relying on custom servers or shady hosting, the operators turned OpenAI’s trusted cloud service into their covert communications channel.

ChatGPT Memory-Based Ads Might Arrive Soon
OpenAI is reportedly exploring ChatGPT memory-based ads, a move that could mark a major shift in how the company monetizes its flagship AI assistant. By leveraging the platform’s new memory feature, OpenAI aims to deliver targeted promotions based on a user’s past interactions, preferences, and context. This concept blends personalization with advertising, a direction reminiscent of Meta’s long-standing business model.

LinkedIn Phishing Campaign Targets Finance Executives
A new LinkedIn phishing campaign is targeting finance executives with fake invitations to join an exclusive board. The attack uses professional pretexts, trusted cloud platforms, and advanced phishing methods to steal login credentials and bypass multi-factor authentication.
How this LinkedIn Phishing Campaign Works
The campaign begins with a direct message on LinkedIn inviting the target to join the “Executive Board”

NFC Relay Malware Surge Hits Europe: Android Apps Steal Data
A major NFC relay malware surge is hitting Europe, exposing Android users to large-scale payment card theft. Researchers uncovered over 760 malicious apps that exploit the phone’s NFC capabilities to steal credit and debit card data. The attacks are spreading fast, and criminals are now turning the convenience of contactless payments into a gateway for financial fraud. How NFC Relay
