Fake Claude Code installer malware used Google Ads to place spoofed AI tool pages above real documentation since March 2026.
SVG phishing email attacks are bypassing enterprise email security gateways by hiding JavaScript inside image files and ...
OliveTin puts all my annoying server jobs behind browser buttons within easy reach.
A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...
Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.
A legacy Windows scripting utility tied to Internet Explorer is still being used in modern malware campaigns, researchers say.
ThreatDown Uncovers First Cyber Attack Abusing Deno JavaScript Runtime for Fileless Malware Delivery
ThreatDown’s EDR team discovered a sophisticated, multi-stage attack chain during an active investigation; the first documented case of attackers abusing the Deno runtime as a malware execution ...
Many organisations are turning to virtualisation of apps and desktops. This often involves virtualisation platforms such as Citrix to deliver these services. Get your configuration or lock-down wrong ...
The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that's designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 ...
Attackers use fake Fortinet dialogs and social engineering to trick users into executing malware Cache smuggling hides malware in browser cache, bypassing download and PowerShell detection tools ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results