❌

Reading view

Critical React Native Metro dev server bug under attack as researchers scream into the void

Too slow react-ion time

Baddies are exploiting a critical bug in React Native's Metro development server to deliver malware to both Windows and Linux machines, and yet the in-the-wild attacks still haven't received the "broad public acknowledgement" that they should, according to security researchers.…

  •  

DIY AI bot farm OpenClaw is a security 'dumpster fire'

Your own personal Jarvis. A bot to hear your prayers. A bot that cares. Just not about keeping you safe

OpenClaw, the AI-powered personal assistant users interact with via messaging apps and sometimes entrust with their credentials to various online services, has prompted a wave of malware and is delivering some shocking bills.…

  •  

Notepad++ hijacking blamed on Chinese Lotus Blossom crew behind Chrysalis backdoor

The group targets telecoms, critical infrastructure - all the usual high-value orgs

Security researchers have attributed the Notepad++ update hijacking to a Chinese government-linked espionage crew called Lotus Blossom (aka Lotus Panda, Billbug), which abused weaknesses in the update infrastructure to gain a foothold in high-value targets by delivering a newly identified backdoor dubbed Chrysalis.…

  •  
❌