Warning Issued As Fake Claude Code Installer Attacks Confirmed

A fake Claude code installer can successfully exfiltrate decrypted cookies, passwords and payment methods from Chromium browsers. Here's how.
The Next Web

Agentjacking: a fake bug report can hijack your AI coding agent

Tenet Security's 'Agentjacking' attack turns a fake Sentry error into code running on developer machines. It hijacked Claude Code, Cursor & Codex.
Dark Reading

'InstallFix' Attacks Spread Fake Claude Code Sites

A new variation of the ClickFix technique is capitalizing on the popularity of Anthropic's Claude Code and other AI coding tools. Researchers at Push Security discovered the threat campaign, which ...
Morning Overview on MSN

Hackers just hid their password-stealer inside fake Fortinet security updates — walking off with saved Chrome and Firefox logins from enterprise computers worldwide

A credential-stealing Trojan disguised as a routine Fortinet security patch has been hitting enterprise networks, quietly siphoning saved passwords from Chrome and Firefox on corporate workstations.
InfoWorld

More fake extensions linked to GlassWorm found in Open VSX code marketplace

The threat actor seeding the Open VSX code marketplace with fraudulent extensions that download the GlassWorm malware has uploaded 73 more impersonated links, as its attempt to infect software supply ...
Bleeping Computer

Fake Google Security site uses PWA app to steal credentials, MFA codes

A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker ...

Quishing Surges 146% in Q1 2026 as Attackers Hide Behind the Code

QR code phishing is becoming hard to ignore as attacks grow rapidly. In the first quarter of 2026 alone, "quishing" ...