LofyGang resurfaces with LofyStealer disguised as Minecraft hack, exfiltrating IBANs and passwords to 24.152.36[.]241, ...

A ClickFix campaign targeting macOS users delivers an AppleScript-based infostealer that collects credentials and live ...

A previously unknown threat group using tried-and-tested social engineering tactics - Microsoft Teams chat invitations and ...

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

UNC6692 relies on email bombing and social engineering to infect victims with Snow malware: Snowbelt, Snowglaze, and ...

Fake packages aim to steal data, credentials, and secrets, and to infect every package created using them, in what could be ...

Malwarebytes recently uncovered a new malicious campaign targeting the Windows Update service. Focused on French-speaking users, the campaign uses layered obfuscation techniques to deliver multiple ...

Malwarebytes warns that a fake Microsoft support site is distributing password-stealing malware through a spoofed Windows update installerThe Latest Tech News, Delivered to Your Inbox ...

The supply chain attack on third-party library Axios has forced OpenAI to revoke its code-signing certificate and require ...

This week, a "Raccoon"-linked actor hit help desks, Eurail exposed 308K users, Fortinet patched critical flaws, Pushpaganda ...

Vibe coding platforms are powerful, but users often don't know what they created.

As supply-chain attacks against widely-used, open-source software repositories continue, experts are urging developers to not ...