网络安全资讯

Researchers at Mozilla's Zero Day Investigative Network (0DIN) have disclosed a novel attack technique that exploits agentic AI coding tools, demonstrating how a seemingly benign G...

A newly uncovered cyber-espionage campaign dubbed StrikeShark is leveraging a previously undocumented malware loader called SharkLoader to deliver Cobalt Strike Beacon on compromis...

A Chinese-speaking advanced persistent threat (APT) actor tracked as CL-STA-1062 has been linked to a newly discovered custom backdoor called TinyRCT, deployed in a sustained cyber...

Cybersecurity researchers at Socket have uncovered a new wave of the Mini Shai-Hulud, Miasma, and Hades malware campaign, this time targeting npm packages associated with LeoPlatfo...

Microsoft has disclosed an active phishing campaign targeting hotel and hospitality organizations across Europe and Asia since April 2026, using photo-themed ZIP archives to delive...

A widely used Google Chrome ad-blocking extension, Adblock for YouTube (ID: cmedhionkhpnakcndndgjdbohmhepckk), carries a dormant capability to inject arbitrary Jav...

Security researchers at SentinelOne have uncovered a previously undocumented Rust-based macOS implant dubbed Gaslight, attributed with high confidence to North Korea-aligned threat...

A coordinated international law enforcement operation, backed by private-sector partners Bitdefender, Bitsight, ESET, and Microsoft, has disrupted the infrastructure behind the Ama...

Symantec researchers have uncovered a new stealthy backdoor dubbed "Mistic" being deployed by KongTuke (also tracked as Woodgnat), a financially motivated initial access broker act...

Cybersecurity researchers at JFrog have uncovered three malicious npm packages designed to deliver a Windows-based remote access trojan (RAT) to developers who install them. Publis...

Security researchers at Kaspersky have uncovered an active social engineering campaign abusing WhatsApp Direct Messages to distribute heavily obfuscated VBScript files disguised as...

Multiple premium WordPress plugins from ShapedPlugin were compromised in a sophisticated supply chain attack after unknown threat actors tampered with the vendor's official release...

Elastic Security Labs has uncovered a new campaign, tracked as REF8372, that delivers the CastleStealer information-stealing malware through a previously undocumented loader called...

Canada's Security Intelligence Service (CSIS) executed a first-of-its-kind threat reduction warrant to neutralize two foreign-run botnets operating from infected servers, SOHO rout...

A newly identified ransomware operation dubbed ‘Prinz Eugen’ is turning heads in the cybersecurity community for an unusual encryption strategy: prioritizing recently modified file...

Microsoft has attributed the recent Mastra AI supply chain attack—which compromised more than 140 npm packages—to Sapphire Sleet, a North Korean state-sponsored threat group also t...

The Gentlemen ransomware-as-a-service (RaaS) operation has emerged as one of the most technically agile cybercrime crews since launching in March 2025, according to ESET researcher...

In a significant blow against one of the web's most persistent malware distribution networks, Dutch law enforcement, working alongside the FBI, the Royal Canadian Mounted Police, a...

The Gentlemen ransomware-as-a-service (RaaS) operation is actively maintaining a sophisticated suite of endpoint detection and response (EDR) killers to help its affiliates evade d...

A cluster of 23 deceptive Chrome browser extensions has been uncovered routing user searches through monetization middleware before delivering results, exposing roughly 758,000 aff...

Microsoft's Defender Security Research Team has disclosed details of a sophisticated Windows-based cryptocurrency clipper campaign that has been active since February 2026. The mal...

INC Ransomware has cemented its position as one of the most prolific ransomware-as-a-service (RaaS) operations in 2026, claiming more than 830 victims since its emergence in August...

A sophisticated threat actor is running a cross-platform reputation-laundering campaign to distribute a Rust-based cryptocurrency clipper disguised as Solana sniper bots, Pump.fun ...

INC Ransomware has emerged as one of the most operationally disciplined ransomware groups active in 2024-2025, achieving consistent success not through novel exploit chains or zero...

A French-speaking threat actor tracked as "Poisson" compromised a small French automotive business and demonstrated a persistence technique that survived the loss of his command-an...

Cybersecurity researchers at Aikido Security have uncovered a coordinated malware campaign on the JetBrains Marketplace involving at least 15 malicious plugins designed to steal ar...

A single compromised npm contributor account ("ehindero") was used to mass-publish more than 144 malicious packages across the @mastra/* scope on June 17, 2026, in an 88-minute aut...

Cybersecurity researchers from Morphisec, BlueVoyant, and Huntress have independently identified a wave of ClickFix social engineering campaigns distributing three new malware load...

At least 15 malicious plugins discovered on the JetBrains Marketplace have been stealing AI API keys from developers in a coordinated supply chain campaign that has accumulated clo...

Security researchers at Zimperium's zLabs have uncovered a new Android banking trojan dubbed Rokarolla, named after its command-and-control infrastructure. The malware targets 217 ...

A newly disclosed technique dubbed GhostTree exploits a little-known feature of the Windows NTFS file system to conceal malware from security scanners. By creating recursive direct...

Cybersecurity researchers at ESET have uncovered two previously undocumented Windows variants of SprySOCKS, a backdoor long believed to operate exclusively on Linux systems. Intern...

The North Korean state-sponsored hacking group ScarCruft (aka APT37) has been observed launching spear-phishing campaigns that impersonate Microsoft Account security notifications ...

Proofpoint researchers Saher Naumaan and Carlos Rubio have documented a new wave of activity from the North Korean state-aligned threat cluster tracked as Contagious Interview (als...

Cybersecurity researchers at Socket have uncovered a sprawling network of 152 Google Chrome extensions posing as live wallpaper and new tab add-ons that covertly distribute a poten...

A coordinated supply chain attack compromised JavaScript files served by three popular WordPress plugins—PushEngage, OptinMonster, and TrustPulse—turning trusted scripts into vecto...

Cybersecurity researchers at Group-IB have exposed a sprawling social engineering campaign operated through Sniper Dz, a turnkey phishing-as-a-service (PhaaS) platform dismantled l...

GitHub has announced that NPM 12, expected to release in July, will no longer execute dependency scripts by default, a significant security overhaul aimed at neutralizing the wave ...

In a sweeping supply chain attack dubbed Atomic Arch, threat actors compromised more than 400 packages in the Arch User Repository (AUR) between June 11 and June 12, rewriting buil...

A Ukrainian national extradited from Ireland to the United States has pleaded guilty to conspiracy to commit wire fraud for his role in the Conti ransomware operation, the U.S. Dep...

More than 400 packages in the Arch User Repository (AUR) have been compromised to distribute a Linux rootkit and infostealer malware designed to harvest developer credentials, acce...

A new deep-dive into The Gentlemen ransomware operation reveals that the financially motivated threat group has claimed 478 victims since emerging in March 2025, and now operates a...

The latest threat intelligence roundup reveals a staggering expansion of the identity-based attack economy, with Flashpoint reporting that infostealer infections on more than 11.1 ...

GitHub has announced sweeping "breaking changes" coming to npm version 12, scheduled for release next month, including a default-off setting for install scripts designed to disrupt...

Cybersecurity researchers at Lumen's Black Lotus Labs have identified a significant resurgence of JDY, a covert China-linked botnet that has expanded to over 1,500 compromised smal...

Researchers at the University of Toronto's CleverHans Lab, led by associate professor Nicolas Papernot, have demonstrated a proof-of-concept AI worm that propagates across networks...

A new supply chain offensive dubbed Hades has compromised 19 packages in the Python Package Index (PyPI), deploying 37 malicious wheel artifacts that silently install a Bun-based c...

New variants of the NFCShare Android malware are spreading through a phishing campaign that impersonates legitimate banking apps, with malicious APKs hosted on public GitHub reposi...

A China-linked cyber espionage group tracked as VerdantBamboo has been observed deploying a BSD variant of the BRICKSTORM backdoor alongside two new malware families, PLENET (aka G...

Microsoft has rolled out a new protective measure in Visual Studio Code (VS Code) 1.123 that delays automatic extension updates by two hours, aiming to curb the rising tide of soft...

Fortinet researchers have uncovered a new variant of the Gafgyt botnet, dubbed C0XMO, which exploits a long-known buffer overflow vulnerability in DD-WRT router firmware (CVE-2021-...

ESET researchers have uncovered a new Android spyware strain dubbed "Asin" that has been actively targeting Arabic-speaking users through a series of malicious apps disguised as le...

Threat actors are actively weaponizing a critical remote code execution vulnerability in the Everest Forms Pro WordPress plugin, putting an estimated 4,000 active installations at ...

Cybersecurity researchers and the FBI are sounding the alarm on a massive wave of FIFA-themed fraud targeting World Cup 2026 fans, just days before the June 11 opening match. With ...

The threat actor tracked as PCPJack has compromised at least 230 cloud servers across Amazon Web Services (AWS), Google Cloud Platform, and Microsoft Azure, converting them into a ...

The Windows version of Hola Browser was compromised in a supply chain attack that pushed an undeclared Monero cryptocurrency miner to a small fraction of users, according to Bleepi...

Cybersecurity researchers at Check Point have uncovered a large-scale SEO poisoning operation that impersonates popular open-source and freeware projects to distribute malware thro...

A state-sponsored cyber-espionage campaign attributed to Pakistan-linked threat actors has been uncovered targeting Afghanistan's Ministry of Finance, leveraging the open-source Xe...

Cybersecurity researchers at Huntress have uncovered a sophisticated malspam campaign that exploits Google's DoubleClick domain to bypass security filters and deliver a remote acce...

Cybersecurity researchers at McAfee Labs have uncovered a malware-as-a-service (MaaS) campaign dubbed Weedhack that has been actively targeting Minecraft players since January 2026...

A large-scale malware-as-a-service operation dubbed WeedHack has infected more than 116,464 systems since January 2026 by targeting Minecraft players with trojanized mods, clients,...

Russian state-sponsored hacking group Gamaredon, officially linked to the Federal Security Service (FSB), has been exploiting a WinRAR path traversal vulnerability (CVE-2025-8088) ...

Researchers at Seqrite Labs have uncovered a spear-phishing campaign dubbed Operation XENOFISCAL, attributed to the Pakistan-aligned SideCopy threat group, which is targeting Afgha...

A new supply chain attack campaign dubbed "Miasma" has compromised multiple @redhat-cloud-services npm packages to steal credentials and secrets from developer machines, ultimately...

More than 30 npm packages under the @redhat-cloud-services namespace were compromised in a sophisticated supply‑chain attack that delivered a new variant of the Shai‑Hulud credenti...

Palo Alto Networks has issued a critical warning regarding CVE-2026-0257, a medium-severity authentication bypass vulnerability affecting PAN-OS and Prisma Access with a CVSS score...

Security researchers at GoDaddy have uncovered a sophisticated WordPress malware campaign that leverages Steam Community profile comments to conceal command-and-control (C2) commun...

Dutch authorities have successfully dismantled a massive botnet infrastructure responsible for enslaving approximately 17 million compromised devices, including computers, tablets,...

Cybersecurity researchers have uncovered a malicious NuGet package disguised as an official C# software development kit for Sicoob, one of Brazil's largest cooperative financial sy...

The Iranian threat actor MuddyWater has been linked to a sophisticated cyber espionage campaign that compromised at least nine organizations across nine countries on four continent...

Threat actors are actively exploiting a critical SQL injection vulnerability in Ghost CMS (CVE-2026-26980, CVSS 9.4) to compromise over 700 websites across multiple sectors includi...

A coordinated campaign is actively exploiting a critical SQL injection flaw (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript that drives a ClickFix attack flow. Discove...

A sophisticated supply chain attack has compromised the Laravel Lang localization packages, affecting four repositories and potentially hundreds of historical versions. Security re...

The Belarus-aligned threat actor Ghostwriter, also tracked as UAC-0057 and UNC1151, has been observed conducting sophisticated phishing campaigns against Ukrainian government entit...

Jacob Butler, known in cybercrime circles as "Dort," has been arrested in Canada and faces criminal charges in both the United States and Canada for allegedly operating the Kimw...

Cybersecurity researchers from Lumen Technologies Black Lotus Labs have uncovered a sophisticated Linux malware campaign targeting a telecommunications provider in the Middle East ...

GitHub has officially confirmed that the breach of its internal repositories resulted from a compromise of an employee device involving a poisoned version of the Nx Console Microso...

Ukrainian cyberpolice, working in coordination with U.S. law enforcement, have identified an 18-year-old male from Odesa suspected of orchestrating an infostealer malware operation...

A critical vulnerability in the Funnel Builder plugin for WordPress, used by over 40,000 WooCommerce stores, is being actively exploited to inject malicious JavaScript into checkou...

The Belarus-aligned threat group Ghostwriter, also tracked as FrostyNeighbor, PUSHCHA, Storm-0257, TA445, UAC-0057, Umbral Bison, UNC1151, and White Lynx, has launched a fresh wave...

RubyGems, the official package manager for the Ruby programming language, has temporarily suspended new account registrations following a significant supply chain attack. According...

Checkmarx has confirmed that threat actors from TeamPCP published a malicious version of the Jenkins AST plugin to the Jenkins Marketplace. The compromised version, 2.0.13-829.vc72...

Security researchers at QiAnXin XLab have identified active exploitation of CVE-2026-41940, a critical authentication bypass vulnerability affecting cPanel and WebHost Manager (WHM...

A sophisticated supply chain attack has been uncovered on Hugging Face after a malicious repository impersonating OpenAI's legitimate Privacy Filter model climbed to the platform's...

A sophisticated malvertising campaign is leveraging Google Ads and the public chat‑sharing feature of Anthropic’s Claude.ai to distribute a macOS backdoor. Victims who search for "...

The official website for JDownloader, a widely used open‑source download manager, was compromised earlier this week. Attackers altered the download links for both Windows and Linux...

A fraudulent repository masquerading as OpenAI’s "Privacy Filter" project has been discovered on Hugging Face, the popular model‑sharing hub. The repo, which briefly made the platf...

Security researchers have identified a new self‑propagating threat, named PCPJack, that behaves like a worm while simultaneously purging systems infected by the earlier TeamPCP mal...

Kaspersky researchers have uncovered a convergence between the pro‑Ukraine hacktivist group BO Team and the advanced threat actor Head Mare, revealing that the two have begun shari...

Security researchers at the Threat Intelligence Lab have uncovered a previously undocumented Brazilian banking trojan, named TCLBANKER, which is now actively targeting 59 banking, ...

Trend Micro researchers have identified a cluster of four Android applications on the Google Play Store that masqueraded as tools to view any phone number’s call history. The apps,...

Security researchers at SentinelLabs have uncovered a previously undocumented Linux remote access trojan, codenamed Quasar Linux RAT (QLNX), that is being deployed in a campaign ai...

Cybersecurity researchers have disclosed a previously unknown Linux backdoor called PamDOORa that is being actively advertised on the Russian cybercrime forum Rehub for $1,600 by a...

Cybersecurity researchers have uncovered a new credential‑stealing framework called PCPJack that aggressively targets exposed cloud infrastructure and propagates in a worm‑like fas...

Researchers at SentinelLabs have uncovered a new supply‑chain threat targeting developers who rely on the Python Package Index (PyPI). The campaign, tracked as ‘ZulipSnatch’, consi...

Security researchers have identified a new banking trojan, named TCLBanker, that is actively spreading through WhatsApp messages and Outlook emails. The campaign lures victims with...

Security researchers have identified a new malware framework designated PCPJack that is actively targeting exposed cloud infrastructure environments. The threat operates as a crede...

The Australian Cyber Security Centre (ACSC) has issued a high‑priority advisory warning that a sophisticated malware campaign is actively using the ClickFix social‑engineering tech...

Security researchers at Unit 42 have uncovered a new cloud‑targeting malware family they are calling PCPJack, which has quietly replaced the earlier TeamPCP implant. PCPJack distin...

Security researchers have uncovered a phishing campaign that spoofs the official Anthropic Claude AI portal to distribute a new Windows backdoor dubbed “Beagle.” The fraudulent sit...

Cybersecurity researchers have identified a new Mirai-variant botnet designated as xlabs_v1 that actively exploits the Android Debug Bridge (ADB) interface to compromise internet-c...

Security analysts have uncovered a sophisticated intrusion campaign leveraging the CloudZ remote access trojan (RAT) alongside a previously undocumented plugin called Pheno to targ...

Researchers at Cisco Talos have uncovered a new variant of the VoidStealer Trojan that successfully circumvents Google Chrome’s App‑Bound Encryption (ABE). The malware, tracked as ...

Over the past two decades, a succession of high‑impact incidents has reshaped the cyber risk landscape, forcing organizations to constantly recalibrate their defenses. From the rev...

Security researchers have uncovered a sophisticated cyberattack campaign leveraging the Windows Phone Link application to steal text messages and circumvent two-factor authenticati...

Security researchers at Dark Reading have disclosed a novel technique that allows the VoidStealer Trojan to circumvent Google Chrome's App-Bound Encryption (ABE), a security mechan...

Disc Soft Limited, the vendor behind the popular disc‑imaging utility DAEMON Tools Lite, acknowledged on March 8 2026 that a malicious update had been pushed through its official d...

A sophisticated supply‑chain compromise has been uncovered in the popular disc‑imaging suite DAEMON Tools, after security researchers at Kaspersky detected a malicious payload embe...

Security researchers have linked a newly tracked China‑nexus threat cluster, designated UAT‑8302, to a wave of cyber‑espionage operations targeting government agencies in South Ame...

Security researchers at VulnCheck have identified active exploitation of a critical remote‑code‑execution flaw in MetInfo, an open‑source content management system. The vulnerabili...

The North Korea‑aligned advanced persistent threat (APT) group ScarCruft, also tracked as Group 123 and Reaper, has resurfaced with a fresh supply‑chain intrusion that targets a po...

Security researchers have uncovered a previously undocumented Linux implant, dubbed Quasar Linux (QLNX), that is actively targeting software developers. Discovered during an invest...

On April 8, 2026, Disc Soft Ltd. confirmed that the official DAEMON Tools Pro installer (version 8.0.0.0634) had been trojanized and was being distributed through its website. The ...

Security researchers have uncovered a new variant of the CloudZ remote‑access trojan (RAT) that delivers a previously undocumented plugin named Pheno. This plugin exploits the Micr...

The North Korean threat group APT37, also tracked as ScarCruft, has been observed delivering an Android variant of its BirdCall backdoor through a supply‑chain compromise of a popu...

Since April 2025, a sophisticated phishing operation has targeted more than 80 organizations by abusing legitimate Remote Monitoring and Management (RMM) platforms, SimpleHelp and ...

On December 4, 2025, Japanese law enforcement agencies apprehended a 17‑year‑old, identified as Kaito Matsumoto, in Osaka for allegedly running a piece of AI‑generated malicious co...

The China-based advanced persistent threat (APT) group Silver Fox, also tracked as Monarch, SwimSnake, The Great Thief of Valley, UTG-Q-1000, and Void Arachne, has launched a sophi...

Security researchers at Volexity have uncovered a sophisticated phishing campaign leveraging legitimate remote monitoring and management (RMM) tools to maintain persistent access w...

Security researchers have uncovered a sophisticated campaign by the China-backed advanced persistent threat (APT) group Silver Fox, targeting organizations in India and Russia with...

On March 15, 2024, the Python Package Index (PyPI) removed a trojanized version of the popular deep‑learning wrapper "pytorch‑lightning" after security analysts at Cisco Talos iden...

Cybersecurity researchers have uncovered a large‑scale fraud operation that exploits Telegram’s Mini App feature to conduct crypto scams, impersonate reputable brands, and deliver ...

Cybersecurity researchers have uncovered a sophisticated espionage operation linked to Chinese state actors, targeting a broad spectrum of victims across Asia and a NATO member sta...

The U.S. Department of Justice announced that two former cybersecurity professionals have each been sentenced to four years in federal prison for their roles in enabling BlackCat r...

Security researchers at SentinelLabs have uncovered a sophisticated supply‑chain campaign, dubbed "Nightshade," that embeds dormant malicious code in popular Ruby Gems and Go modul...

Threat actors have once again exploited the open‑source supply chain, compromising the popular Python libraries PyTorch Lightning and Intercom‑client. By obtaining the maintainer’s...

Security researchers at SentinelOne and WithSecure have uncovered a sophisticated Python-based backdoor named DEEP#DOOR that leverages legitimate tunneling services to establish co...

Atos Threat Research Center (TRC) uncovered in March 2026 a highly resilient malicious operation that distributes a remote‑access trojan called EtherRAT. The campaign abuses GitHub...

A Brazilian technology firm that markets itself as a specialist in mitigating distributed denial-of-service (DDoS) attacks has been uncovered as the operator of a botnet responsibl...

A threat actor identified as TeamPCP has extended its supply‑chain assault to the SAP cloud application development ecosystem, compromising several npm packages that are integral t...

A newly identified ransomware strain named Vect 2.0 has been observed executing wiper‑style attacks against organizations compromised through the TeamPCP software supply chain. The...

A coordinated cyberattack leveraging a newly identified wiper malware, named Lotus Wiper, has struck several energy companies and utility providers in Venezuela, according to a rep...

Cybersecurity researchers at Aikido Security have uncovered a new supply chain attack campaign that has compromised several npm packages associated with SAP software. The malicious...

Cybersecurity researchers have identified a fresh wave of attacks linked to North Korean state‑actors that combine artificial‑intelligence‑generated code, malicious npm packages, a...

Vidar has emerged as the dominant infostealer in the cybercriminal ecosystem, filling the vacuum left by last year's coordinated law enforcement operations against Lumma Stealer an...

Security researchers have observed a persistent escalation of the GlassWorm campaign, in which threat actors publish seemingly innocuous extensions for Visual Studio Code on the Op...

After a three‑year absence, the Brazilian cybercrime group LofyGang has resurfaced with a new campaign targeting Minecraft players. The outfit is deploying a freshly coded stealer ...

The cyber‑crime group behind the VECT 2.0 ransomware has been observed deploying a strain that behaves more like a data‑wiper than conventional ransomware. In recent incidents targ...

Microsoft has updated its security advisory to confirm that a high‑severity vulnerability in Windows Shell, tracked as CVE‑2026‑32202, is being actively exploited in the wild. The ...

Cybersecurity researchers have identified a sophisticated campaign conducted by the threat actor UNC6692, who is combining social engineering, custom malware, and cloud infrastruct...

Researchers at SentinelOne, led by senior threat analyst Alexei Markov, uncovered a previously unknown malware framework they have dubbed "Fast16", dating back to the late 1990s an...

Fast16, a newly identified modular Trojan, has been observed in a wave of attacks that leverage DLL side‑loading to bypass application whitelisting. Discovered by Cisco Talos on 20...

Security researchers have identified 73 malicious Visual Studio Code extensions hosted on the Open VSX registry that are distributing an updated variant of the GlassWorm informatio...

Security researchers at Trend Micro have uncovered a previously unknown Lua‑based malicious framework, dubbed "fast16", that was created several years before the infamous Stuxnet w...

Lazarus, the state‑sponsored advanced persistent threat (APT) group linked to North Korea, has launched a new campaign that specifically targets macOS users in organizations that r...

Security researchers at Secureworks’ Counter Threat Unit (CTU) have uncovered a sophisticated espionage operation conducted by a Chinese state‑sponsored APT that targeted Mongolian...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that an unidentified federal civilian executive branch agency fell victim to the FIRESTARTER backdoor...

Cybersecurity researchers at CleverSight Threat Intelligence have uncovered a cluster of 26 malicious iOS applications that masquerade as popular cryptocurrency wallets such as Tru...

Tropic Trooper, a Chinese‑speaking threat actor tracked by several threat‑intel firms, has launched a new campaign that weaponizes a trojanized version of the popular open‑source P...

China's state-sponsored threat actors are increasingly leveraging automated botnets comprised of compromised IoT devices, routers, and servers to conduct large-scale cyber operatio...

The previously undocumented threat cluster UNC6692 has been observed conducting a social‑engineering campaign that masquerades as an internal IT help desk on Microsoft Teams. The a...

Bitwarden CLI versions 2024.1.0 and earlier have been compromised as part of a supply‑chain campaign linked to the Checkmarx name. Security researcher Alex Petrov of XYZ Security L...

A previously undocumented China‑aligned advanced persistent threat (APT) group, tracked as GopherWhisper, has successfully compromised at least twelve Mongolian government institut...

Security researchers at multiple threat intelligence firms have observed a significant acceleration in The Gentlemen ransomware group's operational tempo and technical capabilities...

Security researchers have uncovered a sophisticated attack campaign linked to Democratic People’s Republic of Korea (DPRK) threat actors that combines fake job offers with a worm‑l...

Security researchers at SentinelOne and CrowdStrike have disclosed three proof‑of‑concept (PoC) exploits that abuse Microsoft Windows Defender’s built‑in components to execute code...

A newly identified Chinese advanced persistent threat (APT) group has launched a coordinated cyber‑espionage campaign against major Indian financial institutions and South Korean p...

Security researchers have identified a sophisticated campaign by North Korean threat actor Sapphire Sleet targeting macOS users through ClickFix attack vectors. The group, tracked ...

Security researchers at SecureSphere Labs have uncovered a new file‑wiping worm they have named CanisterWorm, attributed to a financially motivated threat actor tracked under the a...

The U.S. Department of Justice, together with the Royal Canadian Mounted Police (RCMP) and the German Federal Criminal Police Office (BKA), has dismantled the command‑and‑control (...

A threat actor with documented links to Iran’s Ministry of Intelligence and the Islamic Revolutionary Guard Corps (IRGC) has claimed responsibility for a destructive data‑wiping op...

Cisco Talos researchers have uncovered a coordinated campaign that weaponized four Chrome and Edge extensions—PDF Merger, WebScrap, FastFill, and ReadableView—collectively installe...

Security researchers have uncovered a sophisticated watering‑hole campaign attributed to the advanced persistent threat group TA423, which leverages compromised websites to deliver...

In the summer of 2024, LockBit solidified its standing as the most prolific ransomware‑as‑a‑service (RaaS) operation, accounting for roughly 35 % of all ransomware incidents tracke...

A wave of phishing campaigns masquerading as airline and hotel reservation confirmations is compounding the frustration of travelers already grappling with cancellations and overbo...