Fake Claude Code Installers on Google Sites Steal AI API Keys
June 4, 2026
An active campaign uses 32 Google Sites pages to distribute credential malware targeting AI API keys, browser logins, and password
Identity and Access Management
Fake Claude Code Installers on Google Sites Steal AI API Keys
An active campaign uses 32 Google Sites pages to distribute credential malware targeting AI API keys, browser logins, and password managers from developers.
Fake Chrome Web Store DMCA Notices Target Extension Developers
Attackers send fake Chrome Web Store DMCA notices using real extension data to steal developer accounts and push malicious updates to millions of users.
Huntress Discloses Windows Search URI Flaw That Leaks NTLMv2 Hashes
Huntress disclosed a Windows Search URI handler flaw that silently sends NTLMv2 hashes to attacker servers with one click. Microsoft declined to patch.
Meta AI Chatbot Flaw Lets Attackers Hijack Instagram Accounts
A confused deputy flaw in Meta's AI support chatbot let attackers hijack Instagram accounts including @obamawhitehouse, Sephora, and U.S. Space Force.
UPDATE: Dashlane Confirms Encrypted Vaults Downloaded in Attack
Dashlane now confirms attackers downloaded encrypted password vaults from fewer than 20 accounts by brute-forcing 2FA codes to register unauthorized devices.
UPDATE: Dashlane Confirms Encrypted Vaults Downloaded in Attack
Dashlane now confirms attackers downloaded encrypted password vaults from fewer than 20 accounts by brute-forcing 2FA codes to register unauthorized devices.
Meta AI Chatbot Flaw Lets Attackers Hijack Instagram Accounts
A confused deputy flaw in Meta's AI support chatbot let attackers hijack Instagram accounts including @obamawhitehouse, Sephora, and U.S. Space Force.
WP Maps Pro Flaw Exploited to Create Unauthorized Admin Accounts
An unauthenticated privilege escalation flaw in WP Maps Pro, a WordPress plugin with 15,000 paid sites, is actively exploited to create unauthorized administrator accounts.
Dashlane Suspends Accounts After Multi-Country Brute-Force Campaign
Dashlane temporarily suspended customer accounts after detecting coordinated brute-force login attempts originating from multiple countries simultaneously targeting its login infrastructure.
Dashlane Suspends Accounts After Multi-Country Brute-Force Campaign
Dashlane temporarily suspended customer accounts after detecting coordinated brute-force login attempts originating from multiple countries simultaneously targeting its login infrastructure.
Fake Chrome Web Store DMCA Notices Target Extension Developers
June 4, 2026
Attackers send fake Chrome Web Store DMCA notices using real extension data to steal developer accounts and push malicious updates
Huntress Discloses Windows Search URI Flaw That Leaks NTLMv2 Hashes
June 3, 2026
Huntress disclosed a Windows Search URI handler flaw that silently sends NTLMv2 hashes to attacker servers with one click. Microsoft
Meta AI Chatbot Flaw Lets Attackers Hijack Instagram Accounts
June 2, 2026
A confused deputy flaw in Meta’s AI support chatbot let attackers hijack Instagram accounts including @obamawhitehouse, Sephora, and U.S. Space
UPDATE: Dashlane Confirms Encrypted Vaults Downloaded in Attack
June 2, 2026
Dashlane now confirms attackers downloaded encrypted password vaults from fewer than 20 accounts by brute-forcing 2FA codes to register unauthorized
UPDATE: Dashlane Confirms Encrypted Vaults Downloaded in Attack
June 2, 2026
Dashlane now confirms attackers downloaded encrypted password vaults from fewer than 20 accounts by brute-forcing 2FA codes to register unauthorized
Meta AI Chatbot Flaw Lets Attackers Hijack Instagram Accounts
June 2, 2026
A confused deputy flaw in Meta’s AI support chatbot let attackers hijack Instagram accounts including @obamawhitehouse, Sephora, and U.S. Space
WP Maps Pro Flaw Exploited to Create Unauthorized Admin Accounts
June 1, 2026
An unauthenticated privilege escalation flaw in WP Maps Pro, a WordPress plugin with 15,000 paid sites, is actively exploited to
Dashlane Suspends Accounts After Multi-Country Brute-Force Campaign
June 1, 2026
Dashlane temporarily suspended customer accounts after detecting coordinated brute-force login attempts originating from multiple countries simultaneously targeting its login infrastructure.
Dashlane Suspends Accounts After Multi-Country Brute-Force Campaign
June 1, 2026
Dashlane temporarily suspended customer accounts after detecting coordinated brute-force login attempts originating from multiple countries simultaneously targeting its login infrastructure.
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.