A convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access.

DPRK-linked actors use GitHub C2 and LNK phishing in South Korea, enabling persistent PowerShell control and data ...

This week in cybersecurity: 338 new CVEs published including 11 critical severity. 9 vulnerabilities added to CISA KEV catalog. Plus major developments in AI security, supply chain attacks, and ...

AI chatbots make it possible for people who can’t code to build apps, sites and tools. But it’s decidedly problematic.

This Windows 11 24H2 update download could quietly compromise your system and steal sensitive personal data, putting your system's privacy and security at serious risk.

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

The financially motivated cybercriminal threat actor Storm-1175 operates high-velocity ransomware campaigns that weaponize ...

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.

An incident of LinkedIn malware means jobseekers and employers need to take more care with their applications and ...

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...

Google、AI採用のサイバー防御イニシアチブ発表　「Magika」オープンソース化も Googleは、「防衛者のジレンマ」に対処するための新イニシアチブ「AI Cyber Defense Initiative」の立ち上げを発表した。また、Gmailなどで活用しているAI採用マルウェア検出ツール「Magika」をオープンソース化した。（2024/2/16） ...