infosecintel – Curated Information Security Articles and Threat Intelligence News

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

March 9, 2026

Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan (RAT) and steal sensitive data from compromised hosts. The package, named “@openclaw-ai/openclawai,” was uploaded to the registry by a user named “openclaw-ai” on March 3, 2026. It has been downloadedRead More »Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Cybersecurity M&A Roundup: 42 Deals Announced in February 2026

March 9, 2026

Significant cybersecurity M&A deals announced by Check Point, Booz Allen, Proofpoint, Sophos, Palo Alto Networks, and Zscaler. The post Cybersecurity M&A Roundup: 42 Deals Announced in February 2026 appeared first on SecurityWeek.

UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device

March 9, 2026

The North Korean threat actor known as UNC4899 is suspected to be behind a sophisticated cloud compromise campaign targeting a cryptocurrency organization in 2025 to steal millions of dollars in cryptocurrency. The activity has been attributed with moderate confidence to the state-sponsored adversary, which is also tracked under the cryptonymsRead More »UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device

⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

March 9, 2026

Another week in cybersecurity. Another week of “you’ve got to be kidding me.” Attackers were busy. Defenders were busy. And somewhere in the middle, a whole lot of people had a very bad Monday morning. That’s kind of just how it goes now. The good news? There were some actualRead More »⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

ClickFix Attack Uses Windows Terminal to Evade Detection

March 9, 2026

Fake CAPTCHA pages instruct victims to paste malicious commands in the Windows Terminal instead of the Run dialog. The post ClickFix Attack Uses Windows Terminal to Evade Detection appeared first on SecurityWeek.

Internet Infrastructure TLD .arpa Abused in Phishing Attacks

March 9, 2026

Abusing DNS record management controls, the threat actor hides the location of malicious content via Cloudflare. The post Internet Infrastructure TLD .arpa Abused in Phishing Attacks appeared first on SecurityWeek.

Can the Security Platform Finally Deliver for the Mid-Market?

March 9, 2026

Mid-market organizations are constantly striving to achieve security levels on a par with their enterprise peers. With heightened awareness of supply chain attacks, your customers and business partners are defining the security level you must meet. What if you could be the enabler for your organization to remain competitive —Read More »Can the Security Platform Finally Deliver for the Mid-Market?

Cloned AI Tool Sites Distribute Malware in ‘InstallFix’ Campaign

March 9, 2026

Threat actors replace legitimate commands on the cloned installation webpages with malicious commands. The post Cloned AI Tool Sites Distribute Malware in ‘InstallFix’ Campaign appeared first on SecurityWeek.

New Attack Against Wi-Fi

March 9, 2026

It’s called AirSnitch: Unlike previous Wi-Fi attacks, AirSnitch exploits core features in Layers 1 and 2 and the failure to bind and synchronize a client across these and higher layers, other nodes, and other network names such as SSIDs (Service Set Identifiers). This cross-layer identity desynchronization is the key driverRead More »New Attack Against Wi-Fi

Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft

March 9, 2026

Two Google Chrome extensions have turned malicious after what appears to be a case of ownership transfer, offering attackers a way to push malware to downstream customers, inject arbitrary code, and harvest sensitive data. The extensions in question, both originally associated with a developer named “[email protected]” (BuildMelon), are listed belowRead More »Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft