09 Jul, 2026

Opera rolls out Paste Protect feature to fight ClickFix attacks

Opera has introduced Paste Protect, a security feature designed to block ClickFix-style attacks that trick users into executing malicious commands through social engineering. ClickFix is a widely used technique where victims are deceived into copying dangerous code or commands to the clipboard and then executing them in the command-line interface. Typically, the ruse is a verification process or some […]

3 mins read

Hola Browser for Windows compromised to deliver cryptominer

The Windows version of the Hola Browser has been compromised in a supply chain attack that delivered an undeclared executable identified by researchers as a cryptocurrency miner. The compromise was uncovered during periodic certification checks on Hola Browser as part of its AppEsteem certification testing procedure, which it had previously passed. Hola is an Israeli […]

2 mins read

DAEMON Tools trojanized in supply-chain attack to deploy backdoor

Hackers trojanized installers for the DAEMON Tools software and since April 8, delivered a backdoor to thousands of systems that downloaded the product from the official website. The supply-chain attack led to thousands of infections in more than 100 countries. However, second-stage payloads were deployed only to a dozen machines, indicating a targeted attack aimed […]

3 mins read

Proton launches new “Meet” privacy-focused conferencing platform

Proton has announced a new video conferencing service named Meet and positioned it as a privacy-focused alternative to mainstream services like Google Meet, Zoom, and Microsoft Teams. Meet provides end-to-end encrypted (E2EE) calls to protect the confidentiality of the conversations and does not require a paid plan or even a Proton account to use. It […]

3 mins read

Claude AI finds Vim, Emacs RCE bugs that trigger on file open

Vulnerabilities in the Vim and GNU Emacs text editors, discovered using simple prompts with the Claude assistant, allow remote code execution simply by opening a file. The assistant also created multiple versions of proof-of-concept (PoC) exploits, refined them, and provided suggestions to address the security issues. Vim and GNU Emacs are programmable text editors primarily […]

3 mins read

Bitwarden adds support for passkey login on Windows 11

Bitwarden announced support for logging into Windows 11 devices using passkeys stored in the manager’s vault, enabling phishing-resistant authentication. The new feature is available for all plans, including the free tier, and allows logging into Windows by selecting the security key option and scanning a QR code with a mobile device to confirm access to the passkey […]

2 mins read

Google Chrome shifts to two-week release cycle for increased stability

Google Chrome will shift from a four-week to a two-week release cycle to roll out new features, bug fixes, and performance improvements more frequently. With the release of Chrome 153 on September 8, Google will start shipping two new stable versions of the browser every month, breaking the long-standing schedule developers followed since 2021. The new […]

2 mins read

Notepad++ boosts update security with ‘double-lock’ mechanism

Notepad++ has adopted a “double-lock” design for its update mechanism to address recently exploited security gaps that resulted in a supply-chain compromise. The new mechanism landed in Notepad++ version 8.9.2, announced yesterday, although work on it began in version 8.8.9 with implementing the verification of the signed installer from GitHub. The second part of the […]

2 mins read

Bitwarden introduces ‘Cupid Vault’ for secure password sharing

Bitwarden has launched a new system called ‘Cupid Vault’ that allows users to safely share passwords with trusted email addresses. Cupid Vault works by allowing users of the free version of Bitwarden to create a 2-person shared vault called an ‘Organization’. Other users can access the logins inside the Organization space with credentials assigned by the owner […]

2 mins read

Not all CISA-linked alerts are urgent: ASUS Live Update CVE-2025-59374

An ASUS Live Update vulnerability tracked as CVE-2025-59374 has been making the rounds in infosec feeds, with some headlines implying recent or ongoing exploitation. The CVE documents a historic supply-chain attack in an End-of-Life (EoL) software product, not a newly emerging threat. Not all CISA KEVs signal urgency Recent coverage of CVE-2025-59374 has framed the […]

4 mins read