Plus: A porn-quitting app exposed the masturbation habits of hundreds of thousands of users, Russian hackers are trying to take over people’s Signal accounts, and more.
As users (and detection tools) have gotten better at identifying the signs of a malware infection and savvy enough to avoid them in the first place, some cybercriminals have changed tactics.
Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
New ClickFix variant maps WebDAV drive to run trojanized WorkFlowy app, enabling stealth C2 beacon and payload delivery.
This week saw attacks on Claude Code users, LastPass users, Starlink users, and, perhaps worst of all, people who needed an ambulance. Add a dash of AI hacking, and you have another wild week in ...
Amid a paralyzing breach of medical tech firm Stryker, the group has come to represent Iran's use of “hacktivism” as cover ...
With the catchy codenames of CVE-2026-26110 and CVE-2026-26113, these issues potentially allow anyone with local access to Office to execute whatever code they like. Both have a common vulnerability ...
ESET researchers document how the Sednit APT group has reemerged with a modern toolkit centered on two paired implants – BeardShell and Covenant.
Over the course of nearly 300 posts, Jonathan Bennett set a very high bar for this column, so we knew it needed to be placed in the hands of somebody who could do it justice.
A routine RDP brute-force alert led to unusual credential hunting and a geo-distributed VPN-linked infrastructure. Huntress Labs explains how one compromised login unraveled a suspected ...
Notepad++ has been released in version 8.9.2. The new version improves security mechanisms and closes a highly risky security vulnerability through which attackers can execute arbitrary code. In the ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results