A new cyber-espionage campaign targets HR staff with fake job applications that secretly install malware capable of disabling security software and stealing sensitive data.

Many Chrome extensions start as small developer projects, and once they gain users, are sold on. But what if the new owner turns out to be a bad actor who gains the ability to update software running ...

Claude Code is Anthropic’s agentic coding tool that allows developers to run CLI commands and build long-running agents. This week, developers searching Google for it are landing on near-perfect ...

Cyber intelligence firm CloudSEK reports that online fraudsters are using a new toolkit called 'Digital Lutera' to bypass security features of UPI apps and carry out fraudulent financial transactions.

Stolen credentials often remain active long before a breach. See how identity persistence drives initial access risk.

New hacking cluster exploits web servers and Mimikatz to infiltrate Asian infrastructure for long-term espionage in aviation, ...

Hackers are impersonating IT staff in Microsoft Teams to trick employees into installing malware, giving attackers stealthy access to corporate networks.

The malware disables antivirus and EDR protections at the kernel level, clearing the path for credential harvesting, system reconnaissance, and eventual data exfiltration. An ongoing campaign, ...

A campaign by Russian-speaking cyberattackers hijacks workflows to deliver security-busting malware, allowing attackers to steal data without detection.

Google released an Android update fixing 129 vulnerabilities, including a zero-day flaw linked to Qualcomm chips already exploited in attacks.

For more than a year, a Russian-speaking threat actor targeted human resource (HR) departments with malware that delivers a new EDR killer named BlackSanta.

A strain of Windows malware is exploiting a deceptively simple trick to bypass antivirus software: it disguises itself as a legitimately signed application, making it nearly invisible to standard ...