-
Hackers are abusing a fake Gemini-themed npm package to steal tokens and secrets from developers using AI coding tools like Claude, Cursor, Windsurf, PearAI, and others. The README text was copied from the unrelated chai-await-async library, a mismatch…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are abusing a critical React2Shell vulnerability in Next.js applications to run an automated credential‑theft operation that has already compromised at least 766 servers in under 24 hours. The threat activity is tracked as “UAT‑10608”. It relie…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are using a deceptive technique known as “ClickFix” to deliver a sophisticated Node. js-based remote access Trojan (RAT) targeting Windows users. ClickFix, which gained popularity in early 2025, tricks users into interacting with fake CAPTCHA o…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has rolled out its April 2026 Android Security Bulletin, addressing multiple vulnerabilities across the mobile operating system. The most alarming discovery this month is a critical security flaw in the Android Framework that allows attackers to…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security flaw in Flowise, a popular open-source AI development platform, is currently being exploited in the wild. Tracked as CVE-2025-59528, this code injection vulnerability carries a maximum CVSS score of 10.0. It allows remote attackers …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Fake software installers are being used in a long-running malware operation to drop remote access trojans (RATs), Monero cryptominers, and a new .NET implant across multiple campaigns dating back to late 2023. REF1695 relies on ISO-based fake installer…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat actors are abusing legitimate remote monitoring and management (RMM) tools LogMeIn Resolve and ScreenConnect in a multi‑stage phishing campaign that blends social engineering, living‑off‑the‑land techniques, and stealthy information‑stealing mal…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Iran-linked threat actors have launched a coordinated password-spraying campaign targeting Microsoft 365 environments across the Middle East, according to new findings. The activity, observed throughout March 2026, unfolded in three distinct waves on M…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has rolled out a fresh security intelligence update for Microsoft Defender Antivirus to help secure Windows 11, Windows 10, and Windows Server images. Released on April 7, 2026, this update equips endpoints with the latest threat detection lo…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft is warning that a fast‑moving threat actor it tracks as Storm‑1175 is aggressively exploiting vulnerabilities in internet‑exposed systems to deliver Medusa ransomware in days and sometimes in under 24 hours. Storm‑1175 is a financially motiva…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
