❌

Normal view

OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Apps

15 July 2026 at 15:30
A malware framework called OkoBot has been running on Windows machines since April 2025, and one of its modules is built to con hardware wallet owners out of their recovery phrase. On an infected PC, the request comes from inside the wallet's own desktop software. Sometimes it waits until you plug the device in first. The page is malicious. The app around it is the real one you installed, and

Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution

15 July 2026 at 10:55
Open a repository in CursorΒ on Windows and, if a file namedΒ git.exeΒ is sitting in the project root, Cursor runs it. No click, no approval dialog, no warning that anything in the folder is about to execute. Whatever that binary does, it does as you, with your source, your SSH keys and your cloud tokens. Cursor keeps re-running it for as long as the project stays open. No prompt

❌