From late April 2026 to mid-June 2026, Microsoft Defender Experts observed increased ACR Stealer activity across customer ...
A threat group researchers call "Armored Likho" has gained access to government agencies and electrical power entities in ...
Multiple weaponized proof-of-concept (PoC) exploits on GitHub were found delivering a Python-based remote access trojan (RAT) named ChocoPoC that can execute commands and steal sensitive data in a ...
Sophos says Claude Code, Cursor, and Codex triggered Windows endpoint rules for credential access, LOLBin downloads, and ...
ACR Stealer campaigns use ClickFix lures, JPEG steganography, and WebDAV to steal browser tokens, passwords, PDFs, and synced ...
The FBI warned that TeamPCP software supply chain attacks targeted developer tools to steal cloud credentials, SSH keys, and ...
A vulnerability dubbed HollowByte allows unauthenticated attackers to trigger a denial-of-service (DoS) condition on OpenSSL ...
JadePuffer exploited a vulnerable Langflow server, harvested credentials, moved laterally, and encrypted more than 1,300 ...
ESET Research has released its H1 2026 Threat Report with statistics from December 2025 through May 2026.ClickFix – a social engineering ...
This photograph shows a screen during the 18th edition of the "InCyber" Forum, an international cyber security event, at the Grand Palais in Lille, northern France on April 1, 2026. The forum, which ...
a laptop screen with a webpage of the IT Army of Ukraine group of volunteer hackers. The IT Army of Ukraine first set up in the wake of Russia's devastating attack, and has since hugely grown in ...
Researchers from Zscaler found a new malware campaign dubbed Edgecution.