A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into ...

A "coordinated developer-targeting campaign" is using malicious repositories disguised as legitimate Next.js projects and ...

Security researchers have disclosed a high-severity vulnerability dubbed "ClawJacked" in the popular AI agent OpenClaw that allowed a malicious website to silently bruteforce access to a locally ...

Linked to North Korean fake job-recruitment campaigns, the poisoned repositories are aimed at establishing persistent C2 ...

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more.

A multi-stage malware loader known as OysterLoader has continued to evolve into early 2026, refining its command-and-control (C2) infrastructure and obfuscation methods.

Mobile platforms operate under fundamentally different trust assumptions than we relied on for web security. Your mobile ...

North Korean state-backed hackers are exploiting global technology recruitment channels to plant malware, siphon intellectual property and generate covert revenue, according to multiple cyber security ...

The Sophia Script is an open-source PowerShell module designed to debloat and fine-tune Windows 11 (and Windows 10 ). It is ...