💰 Dragon vs Voice In vs Genie 007 — 2026 Reality Check
🐲 Dragon: $300-2500 + discontinued
🗣️ Voice In: $60/year but dictation-only
🧞 Genie 007: £40/year + voice-to-ACTION
The difference?
Voice In types what you say.
Genie 007 DOES what you say.
"Reply professionally" → Actually writes the reply
"Create LinkedIn post" → Done
Dictation is dead. Voice-to-action is the future.
genie007.co.uk
Mojofull (@furoku)
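gemini-translator Chrome extension update: simplified the popup UI (larger translation ON/OFF switch, API key input field collapsed by default), added a new model to support Gemini 3.1 Flash-Lite Preview (pricing $0.25/1M tokens), and removed unnecessary models. Source and releases are in the GitHub repository (furoku/gemini-translator).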
Self-hosted a Linkding instance and used it as a reading list. With its companion extension, Linkding handles websites precisely.
Since I'm using it as a reading list, I vibe coded another companion extension to view my list while browsing. Still vibe polishing it…
Alright team, it's been a pretty active 24 hours in the cyber trenches! We've got a couple of notable breaches, some concerning new malware and AI-related vulnerabilities, and a strong message from the DEF CON community. Let's dive in:
Crypto Heists & Malicious Extensions 💸
- South Korea's National Tax Service made a costly blunder, publicly exposing the mnemonic recovery phrase of a seized crypto wallet in a press release, leading to the theft of $4.8 million in Pre-Retogeum (PRTG) tokens. This highlights a critical lack of basic understanding of virtual asset security by authorities.
- The "QuickLens - Search Screen with Google Lens" Chrome extension, with around 7,000 users, was compromised after a change of ownership. A malicious update introduced ClickFix attacks (fake Google Update prompts) and info-stealing functionality, targeting crypto wallets (MetaMask, Phantom, etc.) and credentials, with macOS users potentially hit by the AMOS infostealer.
- If you've used QuickLens, remove it, scan your device, reset passwords, and move crypto funds to a new wallet immediately.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/48m-in-crypto-stolen-after-korean-tax-agency-exposes-wallet-seed/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/quicklens-chrome-extension-steals-crypto-shows-clickfix-attack/
New Malware & AI Agent Vulnerabilities 🤖
- A new Windows RAT called Steaelite is being sold on cybercrime forums, offering an all-in-one solution for double extortion attacks. It bundles ransomware, data theft, credential/crypto stealers, and live surveillance, with automated data harvesting kicking in the moment a victim connects. An Android module is also reportedly in development.
- The OpenClaw AI agent ecosystem is facing significant security scrutiny. A high-severity "ClawJacked" flaw (fixed in v2026.2.25) allowed malicious websites to hijack local AI agents by brute-forcing gateway passwords via WebSocket and silently registering as trusted devices.
- Beyond "ClawJacked," the OpenClaw ecosystem has seen multiple other vulnerabilities (RCE, command injection, SSRF, auth bypass, path traversal) and a surge in malicious skills on ClawHub, used to distribute infostealers like Atomic Stealer and facilitate crypto scams. Microsoft advises treating OpenClaw as untrusted code and deploying it only in isolated environments.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/27/double_extortion_whammy_steaelite_rat/
📰 The Hacker News | https://thehackernews.com/2026/02/clawjacked-flaw-lets-malicious-sites.html
Google Cloud API Key Exposure 🔒
- Truffle Security found nearly 3,000 Google Cloud API keys, originally intended for billing or benign services like embedded maps, could be abused to authenticate to sensitive Gemini endpoints.
- This occurs when the Gemini API is enabled on a Google Cloud project, silently granting existing API keys (even publicly exposed ones) access to Gemini, allowing attackers to access uploaded files, cached data, and rack up huge LLM-usage bills.
- Google has implemented proactive measures to detect and block leaked keys, but users are strongly advised to audit their Google Cloud projects, check for enabled AI-related APIs, and rotate any publicly accessible keys, especially older ones.
📰 The Hacker News | https://thehackernews.com/2026/02/thousands-of-public-google-cloud-api.html
Cyber Policy & Community Frustration 🏛️
- The DEF CON community, particularly figures like Jake Braun, is expressing significant frustration with governments' inability to effectively address major societal threats: cybercrime, AI, and authoritarianism. The annual Hacker's Almanack highlights hackers stepping up to secure critical infrastructure and fight back against cybercriminals and oppressive regimes.
- There's a growing concern about the accelerating power of AI for offensive hacking, with calls for industry-wide security controls for AI, similar to CIS Critical Security Controls.
- In a separate but related development, the Pentagon has designated AI firm Anthropic as a "supply chain risk" due to an impasse over the company's refusal to allow its Claude AI model to be used for mass domestic surveillance or fully autonomous weapons. This highlights a growing tension between AI ethics and military applications, with OpenAI reportedly taking a different stance with the DoD.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/28/def_con_jake_braun_fed_up_govt/
📰 The Hacker News | https://thehackernews.com/2026/02/pentagon-designates-anthropic-supply.html
#CyberSecurity #ThreatIntelligence #Ransomware #Malware #RAT #AI #Vulnerability #APISecurity #CloudSecurity #CryptoSecurity #ChromeExtension #SupplyChainRisk #DEFCON #InfoSec #CyberAttack #IncidentResponse
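An added example, not part of the original post, of the audit suggested in the Google Cloud item above: given a project's enabled services and its API keys, list the keys that can authenticate to the Gemini API, oldest first. The sample data is constructed and only shaped like the output of `gcloud services list --enabled` and `gcloud services api-keys list --format=json`; the function name is hypothetical.

```python
import json

GEMINI_SERVICE = "generativelanguage.googleapis.com"  # Gemini API service name

# Constructed sample data (not real keys or projects), shaped like:
#   gcloud services list --enabled --format="value(config.name)"
#   gcloud services api-keys list --format=json
ENABLED_SERVICES = ["maps-backend.googleapis.com", GEMINI_SERVICE]
KEYS_JSON = """[
  {"name": "projects/000/locations/global/keys/aaa", "displayName": "maps-embed",
   "createTime": "2021-03-02T10:00:00Z",
   "restrictions": {"browserKeyRestrictions": {"allowedReferrers": ["example.com/*"]}}},
  {"name": "projects/000/locations/global/keys/bbb", "displayName": "legacy",
   "createTime": "2019-07-15T08:30:00Z"},
  {"name": "projects/000/locations/global/keys/ccc", "displayName": "maps-only",
   "createTime": "2024-01-09T12:00:00Z",
   "restrictions": {"apiTargets": [{"service": "maps-backend.googleapis.com"}]}},
  {"name": "projects/000/locations/global/keys/ddd", "displayName": "gemini-backend",
   "createTime": "2025-11-20T09:00:00Z",
   "restrictions": {"apiTargets": [{"service": "generativelanguage.googleapis.com"}]}}
]"""


def keys_reaching_gemini(enabled_services, keys):
    """Return (displayName, reason) for each key that can authenticate to Gemini."""
    if GEMINI_SERVICE not in enabled_services:
        return []  # API not enabled: no key in this project can call it
    findings = []
    # Oldest keys first: they predate the API being enabled and are the
    # ones most likely to be embedded in public pages or repositories.
    for key in sorted(keys, key=lambda k: k.get("createTime", "")):
        targets = (key.get("restrictions") or {}).get("apiTargets") or []
        allowed = {t.get("service") for t in targets}
        if not allowed:
            # No API restriction: the key works for every API enabled on the
            # project. A referrer (application) restriction does not change that.
            findings.append((key["displayName"], "no API restriction"))
        elif GEMINI_SERVICE in allowed:
            findings.append((key["displayName"], "explicitly allowed"))
    return findings


if __name__ == "__main__":
    for name, reason in keys_reaching_gemini(ENABLED_SERVICES, json.loads(KEYS_JSON)):
        print(f"{name}: {reason}")
```

Keys reported as "no API restriction" are the ones to restrict to the services they actually need, and to rotate if they have ever been publicly exposed.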

South Korea's National Tax Service accidentally exposed the mnemonic recovery phrase of a seized cryptocurrency wallet in an official press release, allowing hackers to steal 6.4 billion won ($4.8M) worth of cryptocurrency.

Allows adding extensions from chrome web store on ungoogled-chromium. Also adds semi-automatic extension updating. - NeverDecaf/chromium-web-store