A highly sophisticated infostealer malware disguised as a legitimate npm UI component library has been targeting developers through the ansi-universal-ui package. The malware, internally identified…
Threat actors have successfully exploited a design flaw in GitHub’s fork architecture to distribute malware disguised as the legitimate GitHub Desktop installer. The attack chain…
A new phishing campaign abusing the Vercel hosting platform has been active since at least November 2025 and is becoming increasingly sophisticated. The core trick…
A moderate out-of-bounds write vulnerability in Apache Hadoop’s HDFS native client that could allow attackers to trigger system crashes or cause data corruption in production…
A sophisticated, multi-stage espionage campaign targeting Indian residents through phishing emails impersonating the Income Tax Department. The attack chain, tracked as the “SyncFuture Espionage Campaign,”…
Microsoft has released two critical out-of-band (OOB) security patches targeting widespread issues affecting Windows 11 users following January’s monthly security updates. The emergency patches, KB5078127…
Two critical 0-day vulnerabilities in NetSupport Manager that, when chained, allow unauthenticated remote code execution (RCE). The vulnerabilities were discovered during routine security assessments of…
A dangerous new iteration of the “Contagious Interview” campaign that weaponizes Microsoft Visual Studio Code task files to distribute sophisticated malware targeting software developers. This…
A dangerous new malware toolkit is being sold on Russian cybercrime forums that can redirect victims to fake websites while keeping the real domain name…
A server-side vulnerability in Instagram that allegedly allowed completely unauthenticated access to private account posts. This raises concerns about Meta’s vulnerability disclosure handling and the…
A proof-of-concept exploit for CVE-2026-24061, a critical remote code execution vulnerability in the GNU Inetutils telnetd, has surfaced, with security researchers warning that over 800,000…
The North Korean state-sponsored Lazarus hacking group has launched a sophisticated cyberespionage campaign targeting European defense contractors involved in uncrewed aerial vehicle (UAV) manufacturing. The…
