Microsoft Defender, our supposed digital guardian, is bleeding vulnerabilities. Two zero-days are actively exploited, one granting SYSTEM privileges, the other locking down devices entirely.
A massive online storefront's customer base was laid bare, with 28,000 accounts compromised by a sophisticated infostealer operation. Ukrainian authorities are pointing the finger at a young suspect from Odesa.
A leaked malware strain is now fueling a fresh wave of attacks against the Node Package Manager. Developers' secrets and systems are increasingly at risk.
The open-source code for malware is becoming a dangerous playground for attackers. Researchers just found four new npm packages peddling everything from data-stealing worms to potent DDoS bots.
Just when you thought CI/CD pipelines were safe, Checkmarx’s Jenkins plugin gets roped into a supply-chain attack. TeamPCP strikes again.
A sophisticated malvertising campaign is turning trusted platforms into vectors for Mac malware. Google Ads and Anthropic's Claude.ai are being abused, demonstrating a new frontier in attack sophistication.
A sophisticated cyber campaign is exploiting a social engineering trick called ClickFix to push potent password-stealing malware. Australia's top cybersecurity agency is sounding the alarm.
Imagine walking into a cutting-edge AI lab, only to find it's a Trojan horse. That's precisely what happened on Hugging Face, a hub for AI innovation, when a malicious repository masqueraded as an official OpenAI tool.
The persistent threat of data theft just got a new vector. VoidStealer malware has figured out how to bypass Google Chrome's App-Bound Encryption, leaving user data vulnerable.
Over 610,000 Roblox accounts were reportedly pilfered by a hacking group, netting them an estimated $225,000. Ukrainian authorities have arrested three suspects in connection with the operation.
The infostealer market is a revolving door of criminal enterprise. Now, Vidar has cemented its place at the top, exploiting a void left by fallen rivals.
Imagine logging into your corporate email, only for a cybercrook halfway across the world to slip in behind you—using your own active session. Storm's doing exactly that, and it's dirt cheap.