Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...

A reverse shell makes the target machine initiate the connection back to the attacker, bypassing firewalls that only filter ...

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

July 2026, blocking install scripts, Git dependencies, and remote URL sources by default. Every team running npm install in ...

Microsoft says it has detected new self-propagating malware that spreads through USB drives in search of cryptocurrency ...

Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.

Attackers can chain three already fixed vulnerabilities in the Ubiquiti UniFi OS server to execute remote code with root ...

Proofpoint says UNK_DeadDrop sent 250+ phishing emails to nearly 100 firms, using GitHub and VS Code lures to steal ...

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell. The flaw is a deserialization issue ...

Microsoft uncovered CryptoBandits malware that steals crypto wallets, hijacks clipboard data and uses Tor-based backdoors to ...

TL;DR Introduction At the start of this year, I wrote a blog on how 2025 was the ‘year of the infostealer’, and it doesn’t ...

Attackers are increasingly abusing legitimate system utilities and widely used administrative tools to deliver malware, move through networks and avoid detection, forcing security teams to rethink ...