Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in ...

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other sensitive data.

The FBI has issued a stark warning about a sophisticated cyber threat using fake websites and login pages to steal your money ...

Scammers are using fake party invitations that appear to come from friends, family members, coworkers, and neighbors.

Steam is one of the most popular storefronts in PC gaming, but it turns out that the Steam Workshop might presently be ...

Scammers are using fake party invitations that appear to come from friends, family members, coworkers, and neighbors. At ...

ClickFix attacks are delivering BabaDeda, Lorem Ipsum, and Potemkin loaders to deploy stealers, RATs, and ransomware-linked ...

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...

Microsoft’s monthly update included 206 fixes for flaws in everything from Windows to Office to Exchange Server, not to mention three zero-days.

Our tracking of OceanLotus activities from 2024–2026 reveals a shift in operational focus. During this period, the Vietnam-aligned OceanLotus adopted a more selective approach to external operations ...