Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting ...

There’s a new scam to look out for in a place you wouldn’t expect. Security experts at the Identity Theft Resource Center ...

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

A new scam involving fake CAPTCHA boxes is tricking people into downloading malware that can steal sensitive information.

A new ClickFix attack that leverages a Nuitka loader targets macOS users with the Python-based Infiniti Stealer malware.

A malware campaign uses WhatsApp messages to deliver VBS scripts that initiate a multi-stage infection chain. The attack ...

One key addition is support for rendering inline graphics such as Sixel images, allowing advanced command-line tools like the Windows Package Manager (WinGet) to display app ...

We found fake “verify you are human” pages on hacked WordPress sites that trick Windows users into installing the Vidar infostealer.

Fake CAPTCHA pages can install the StealC infostealer. Don't paste or run commands; disconnect and change passwords.

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...

A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler.