-
A newly discovered malicious NPM package, dubbed duer-js , is being used to distribute an advanced information‑stealing malware that primarily targets Windows systems and Discord users. Published by the user “luizaearlyx”, the package contains a custom…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Lazarus Group’s latest software supply chain operation is using fake recruiter lures and popular open‑source ecosystems to deliver malware to cryptocurrency‑focused developers quietly. The campaign, dubbed graphalgo, abuses GitHub, npm, and PyPI to hid…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A dormant Microsoft Outlook add-in has been weaponized by attackers to steal thousands of login credentials and credit card numbers. The incident, identified by security researchers as the first known malicious Office add-in found in the wild, exposed …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Fake CAPTCHA attacks are now a key entry point for a new wave of LummaStealer infections, with CastleLoader loaders turning simple web clicks into full system compromise. Less than a year after a major law-enforcement takedown, the infostealer’s operat…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new era of AI vulnerability has arrived, and it is far more dangerous than simply tricking a chatbot into saying something rude. New research released this week demonstrates how attackers can weaponize everyday tools such as Google Calendar and Zoom …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat actors are abusing legitimate remote monitoring tools to hide inside corporate networks and launch ransomware attacks. Net Monitor for Employees Professional is a commercial workforce monitoring tool by NetworkLookout that offers remote screen v…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Apple has released emergency security updates for iOS and iPadOS to fix a critical “zero-day” vulnerability that hackers are actively using in attacks. The flaw, tracked as CVE-2026-20700, was discovered by Google’s Threat Analysis Gr…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft released its latest security update, KB5075912, for Windows 10 on February 10, 2026, providing critical protections for users enrolled in the Extended Security Updates (ESU) program. This update addresses urgent security vulnerabilities and s…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has disclosed a new zero-day vulnerability in the MSHTML Framework that allows attackers to bypass security features, posing significant risks to organizations worldwide. Tracked as CVE-2026-21513, this vulnerability was released on February …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly exposed malware framework, VoidLink, is reshaping how attackers manage implants across modern cloud and enterprise environments. Cisco Talos has now linked this framework to a threat actor tracked as UAT-9921, highlighting how on-demand compila…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
