A sophisticated macOS infostealer campaign that leverages deceptive ClickFix-style social engineering to distribute MacSync, a Malware-as-a-Service (MaaS) credential-stealing tool targeting cryptocurrency…
Two malicious extensions in Microsoft’s Visual Studio Code (VSCode) Marketplace that were collectively installed 1.5 million times exfiltrate developer data to China-based servers….
A new malware campaign targeting Windows users has emerged, using deceptive LNK shortcut files to distribute MoonPeak, a dangerous remote…
The final day of Pwn2Own Automotive 2026 brought the world’s elite security researchers to the finish line with a spectacular…
A critical backdoor vulnerability has been discovered in the LA-Studio Element Kit for Elementor, a popular WordPress plugin used by…
A sophisticated three-stage malware attack campaign against Windows users in South Korea using specially crafted LNK (shortcut) files. The attack…
Fortinet warns of active FortiCloud SSO bypass affecting updated devices Pierluigi Paganini January 23, 2026 Fortinet confirmed attacks are bypassing…
The Cybersecurity and Infrastructure Security Agency (CISA) in the U.S. warned of active exploitation of four vulnerabilities impacting enterprise software from…
Node.js has implemented a new quality control measure on its HackerOne bug bounty program, requiring researchers to maintain a minimum…
A new wave of web-based malware campaigns is using fake verification pages to trick users into installing dangerous software. These…
Salt Security announced a major expansion of its platform’s connectivity fabric with two new strategic integrations: the Salt Databricks Connector and…
The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalogue with four critical security flaws…