The Hacker News

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Malicious npm package '@openclaw-ai/openclawai' downloaded 178 times installs GhostLoader RAT, stealing credentials and crypto wallets.
SecurityWeek

ClickFix Attack Uses Windows Terminal to Evade Detection

A new ClickFix attack variant uses fake CAPTCHA pages instructing victims to paste and execute malicious commands in Windows Terminal.
PCMag on MSN

This iOS 'Exploit' Kit Can Hack Vulnerable iPhones Using 23 Different Attacks

Security researchers discover the 'Coruna' exploit kit running on malicious Chinese websites that were able to secretly hack vulnerable iPhones running iOS 13 to 17.2.1.