ALL POSTS

Key Findings: A new scam is targeting users by mimicking CAPTCHA verification systems The attack is an evolved version of the ClickFix attacks from early 2025 targeting restaurant bookings The multi-stage infection starts with a fake CAPTCHA, then triggers a PowerShell script to download malware The malware, known as an infostealer, targets cryptocurrency wallets, browser login data, and other sensitive information Background This research, shared with Hackread.com, indicates

Key Findings Cybersecurity researchers have uncovered a new information stealer that exfiltrated a victim's OpenClaw configuration environment. The incident marks a significant evolution in infostealer behavior, transitioning from stealing browser credentials to targeting the identities, settings, and "digital souls" of personal AI agents. The stolen files included openclaw.json with gateway tokens, device.json containing private cryptographic keys, and "soul" and memory file

Key Findings: Microsoft warns that info-stealing attacks are "rapidly expanding" beyond Windows to target Apple macOS environments. Attackers are leveraging cross-platform languages like Python and abusing trusted platforms to distribute infostealer malware at scale. Background Since late 2025, Microsoft has observed macOS-targeted infostealer campaigns using social engineering techniques such as ClickFix-style prompts and malicious DMG installers. These campaigns deploy macO