The Hacker News

ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services

ClickFix uses fake CAPTCHAs and a signed Microsoft App-V script to deploy Amatera stealer on enterprise Windows systems.

The latest YouTube error message isn't a bug, it's another ad blocker crackdown

The issue spans regions, affecting viewers across multiple countries and triggering variants of the message, such as "content not available in your country." ...

Critical sandbox escape flaw discovered in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.
PCMag

This One Browser Setting Could Be Handing Hackers Your Credit Card

Browsers make it easy to save payment info, but that convenience opens the door to malware, breaches, and data theft. We tell you what to do instead.