Ransomware & Malware

Passkeys, Police Partnerships, and a Fresh Wave of Mobile Threats: This Week's Security Roundup

Hey everyone – quite a week for security news, and I wanted to share some thoughts on a few stories that caught my attention. We’ve got everything from the ongoing passkey transition to Amazon backing down from a controversial surveillance partnership, plus some nasty new threats targeting our mobile devices.

The Passkey Transition Gets Real (And Compliance-Focused)

The shift from passwords to passkeys isn’t just a nice-to-have anymore – it’s becoming a compliance necessity. A recent piece from BleepingComputer dives into how organizations are navigating passkey adoption while staying aligned with ISO 27001 requirements.

AI Assistants Are the New Gold Mine for Cybercriminals

You know how we’ve all been watching AI adoption explode across organizations? Well, the bad actors have been watching too, and they’re adapting faster than we might have expected. This week brought some sobering reminders that our shiny new AI tools are creating fresh attack surfaces we’re still learning to defend.

OpenClaw Becomes a Target

The biggest eye-opener has to be the discovery that infostealers are now specifically hunting for OpenClaw secrets. If you haven’t worked with OpenClaw yet, it’s become the go-to agentic AI assistant framework for a lot of organizations. The problem? Like most AI tools, it relies heavily on API keys and authentication tokens to function.

When Good Intentions Meet Bad Laws: Why Security Research Needs Better Legal Protection

Last week’s arrest of a Dutch man who discovered police data exposed online perfectly captures one of our field’s most frustrating contradictions. While we’re telling organizations to embrace responsible disclosure and work with security researchers, the legal system keeps treating discovery as a crime.

The Dutch Data Dilemma

Here’s what happened: Dutch police accidentally made confidential documents publicly accessible online. A 40-year-old man found them, downloaded the files, and then made a critical mistake—he asked for “something in return” before agreeing to delete them. The authorities arrested him.

Password Managers Under Fire and Why Your SME Clients Can't Hide in Plain Sight

I’ve been digging through this week’s security news, and honestly, it feels like we’re watching some of our fundamental assumptions get challenged. Between password managers showing cracks in their armor and small businesses still thinking they’re invisible to attackers, there’s a lot to unpack here.

Password Managers: The Tools We Trust Most Are Getting Tested

Let’s start with what might be the most unsettling news for those of us who’ve been preaching the password manager gospel. Researchers just published findings showing that major cloud-based password managers—including Bitwarden, Dashlane, and LastPass—are vulnerable to password recovery attacks under specific conditions.

Password Managers Under Fire While AI Agents Become New Infostealer Targets

I’ve been digging through this week’s security news, and there are some concerning developments that hit close to home for those of us managing enterprise security. The most troubling story involves fundamental flaws in password managers - the very tools we’ve been recommending to users for years.

Password Manager Encryption Claims Fall Apart

Security researchers have been poking holes in the end-to-end encryption claims of several popular commercial password managers, according to Infosecurity Magazine. While the article doesn’t name specific vendors yet, the implications are serious enough that we need to pay attention.

Chrome Extension Malware Hits 300K Users While Microsoft Preps Major Security Boot Update

I’ve been tracking some interesting developments this week that really highlight how attackers are getting creative with their delivery methods. The biggest story that caught my attention involves a massive Chrome extension campaign that managed to fool over 300,000 users – and it’s a perfect example of how threat actors are riding the AI hype wave.

AI-Themed Extensions Hide Credential Theft Operation

Here’s what happened: security researchers discovered 30 malicious Chrome extensions masquerading as AI assistants that were actively stealing credentials, email content, and browsing data from users. What makes this particularly concerning is the scale – we’re talking about more than 300,000 installations across these fake extensions.

AI Apps Become the New Malware Highway: What Mac Users Need to Know

I’ve been watching something troubling unfold over the past few weeks, and it’s time we talk about how cybercriminals are weaponizing our enthusiasm for AI tools. The latest campaigns targeting both Windows and Mac users show a sophisticated shift in attack vectors that caught my attention – and should be on your radar too.

The AI App Trojan Horse

Here’s what’s happening: The AMOS infostealer is now targeting macOS users through popular AI applications, essentially turning our excitement about AI productivity tools into a security vulnerability. This isn’t just another malware campaign – it’s a calculated exploitation of user behavior and trust.

ClickFix Attacks Hit Crypto Users While Zero-Days Target Government Infrastructure

I’ve been tracking some concerning attack patterns this week that show how creative threat actors are getting with their delivery methods. The most interesting case involves attackers using Pastebin comments to distribute what researchers are calling “ClickFix” attacks specifically targeting cryptocurrency users.

The Pastebin Problem Gets Worse

Here’s how the ClickFix attack works: threat actors are posting malicious JavaScript in Pastebin comments, disguised as helpful fixes for common crypto wallet issues. When users copy and paste this code into their browser console (thinking they’re fixing a legitimate problem), they’re actually executing malware that hijacks Bitcoin swap transactions and redirects funds to attacker-controlled wallets.

DNS Becomes the New Backdoor: ClickFix Attacks Get Creative While Google Groups Harbor Malware

We’ve seen social engineering attacks get increasingly sophisticated over the years, but the latest evolution of ClickFix campaigns caught my attention this week. Microsoft disclosed that threat actors are now using DNS queries as a delivery mechanism for malware – and honestly, it’s both clever and concerning.

When nslookup Becomes a Weapon

The traditional ClickFix attack has been around for a while. You know the drill: users get tricked into copying and pasting commands that supposedly fix a fake technical issue. What’s new here is how attackers are using the humble nslookup command to pull down PowerShell payloads directly through DNS queries.

When Zero-Days Rain Down: February's Patch Tuesday Shows Why We Can't Have Nice Things

It’s been one of those weeks where I’ve lost count of how many times I’ve muttered “of course it is” while reading security alerts. Between Microsoft’s six actively exploited zero-days, Apple’s “extremely sophisticated attack,” and a WordPress plugin that’s basically handing out RCE access like Halloween candy, February is shaping up to be a month that’ll keep us all busy.