-
The recent compromise of the widely used Axios npm package has been confirmed as the result of a targeted social engineering attack. The incident, which briefly exposed developers to malicious code, highlights growing risks within the open-source softw…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have uncovered a malicious Google Chrome extension named “ChatGPT Ad Blocker” designed to silently steal private AI conversations. The malware cleverly disguises itself as a helpful tool, capitalizing on OpenAI’s …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are increasingly exploiting trusted online platforms to launch sophisticated phishing campaigns targeting bank users in the Philippines. Despite ongoing improvements in email security, phishing remains one of the most effective attack methods d…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
TP-Link has recently addressed a batch of severe vulnerabilities affecting the Tapo C520WS security camera system. Security cameras are critical pieces of equipment for home and business safety, making device stability a top priority. When vulnerabilit…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are increasingly turning simple social engineering tricks into full-scale data theft operations, and a newly identified malware platform called Venom Stealer is a strong example of this shift. Instead of just stealing credentials once, Venom cr…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are abusing the long-running Phorpiex (Trik) botnet to run large-scale ransomware, sextortion, and crypto-clipping operations, turning one infrastructure into a multi-purpose crime machine. A newer variant called Twizt gives the botnet a hybrid…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A massive automated cyberattack campaign is actively targeting web applications built on the popular Next.js framework to steal highly sensitive information. Cybersecurity researchers at Cisco Talos have uncovered a severe credential harvesting operati…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A major software supply chain attack has been uncovered after threat actors compromised the widely used Axios npm package, impacting developers and organizations worldwide. The incident, detected on March 31, 2026, involved the use of stolen maintainer…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
the OpenSSH project released version 10.3 alongside its portable version 10.3p1. Following a brief testing phase in late March, this major update addresses several important security vulnerabilities. The most critical fix prevents a dangerous shell inj…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new phishing campaign that uses malicious Windows shortcut (LNK) files to target users in South Korea, while abusing GitHub as Command and Control (C2) infrastructure to hide its activity. The operation, linked through tooling and tradecraft to North…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
