A new info-stealing malware called Torg Grabber is stealing sensitive data from 850 browser extensions, more than 700 of them for cryptocurrency wallets.
Initial access is obtained through the ClickFix technique by hijacking the clipboard and tricking the user into executing a malicious PowerShell command.
According to researchers at cybersecurity company Gen Digital, Torg Grabber is actively developed, with 334 unique samples compiled in three months (between December 2025 and February 2026) and new command-and-control (C2) servers registered every week.
Construction, non-profits, real estate, manufacturing, financial services, healthcare, legal, and government are some of the prominent sectors targeted as part of the campaign.
“What also makes this campaign unusual is not just the device code phishing techniques involved, but the variety of techniques observed,” the company said. “Construction bid lures, landing page code generation, DocuSign impersonation, voicemail notifications, and abuse of Microsoft Forms pages are all hitting the same victim pool through the same Railway.com IP infrastructure.”
Device code phishing refers to a technique that exploits the OAuth device authorization flow to grant the attacker persistent access tokens, which can then be used to seize control of victim accounts. What’s significant about this attack method is that the tokens remain valid even after the account’s password is reset.
GitHub is adopting AI-based scanning for its Code Security tool to expand vulnerability detections beyond the CodeQL static analysis and cover more languages and frameworks.
The developer collaboration platform says that the move is meant to uncover security issues “in areas that are difficult to support with traditional static analysis alone.”
CodeQL will continue to provide deep semantic analysis for supported languages, while AI detections will provide broader coverage for Shell/Bash, Dockerfiles, Terraform, PHP, and other ecosystems.
Attacks leveraging the ‘PolyShell’ vulnerability in version 2 of Magento Open Source and Adobe Commerce installations are underway, targeting more than half of all vulnerable stores.
According to eCommerce security company Sansec, hackers started exploiting the critical PolyShell issue en masse last week, just two days after public disclosure.
“Mass exploitation of PolyShell started on March 19th, and Sansec has now found PolyShell attacks on 56.7% of all vulnerable stores,” Sansec says.
Drugs that inhibit KRAS signaling delay the development of pancreatic cancer in mice.
Learn more in a new SciencePerspective.
Benjamin G. Neel and Anirban Maitra Authors Info & Affiliations
Science.
Ruhi Polara, PhD, who led the research alongside Robinson, further commented, “Essentially, CD47 is shielding ROBO2, allowing it to accumulate and drive tumor progression. When we remove CD47, ROBO2 is degraded, and the cancer cells lose their ability to grow and invade effectively.”
The findings reveal a previously unknown molecular pathway—CD47–ITCH–ROBO2—that controls how glioblastoma cells behave. This opens up new possibilities for treatment strategies that go beyond current approaches. While therapies targeting CD47 are already being tested in clinical trials for other cancers, they have shown limited success in glioblastoma so far. The new research suggests that directly targeting the CD47–ROBO2 pathway, or disrupting the stabilisation of ROBO2, could be a more effective strategy. “In summary, our study reveals a role of CD47 in regulating cellular plasticity suggesting that targeting ROBO2 could offer a promising alternative therapeutic strategy for GBM,” they stated.
“By understanding this mechanism, we now have new targets to explore,” Polara said. “This could lead to the development of therapies that specifically block the tumor’s ability to spread, which is one of the biggest challenges in treating glioblastoma.”