UNC4899 breached a crypto firm via AirDrop malware and cloud exploitation in 2025, stealing millions through Kubernetes and Cloud SQL abuse.

Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor.

Crims hope for payday from malicious payloads rather than stealing access tokens Microsoft has warned organizations about ...

While some of the campaigns have been found to leverage the technique to deliver malware, others send users to pages hosted on phishing frameworks such as EvilProxy, which act as an ...

Have you ever tried to send a huge document by email only to get the annoying "file too large" error? Or maybe you only needed to translimit one chapter from a 200-page report, but you sent the whole ...

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...

BlackBox AI, a popular VS Code coding assistant, has a critical indirect prompt injection vulnerability. Hackers can exploit this to gain remote root access to a user’s computer.

Meta is rolling out a dedicated shopping research mode inside its Meta AI web chatbot for a slice of US desktop users. Search ...

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with ...

Background Remission and low-disease activity are recommended targets in systemic lupus erythematosus (SLE), yet many ...