Exploits

Brazilian threat actors behind the Lampion banking trojan have evolved their infection tactics by incorporating the ClickFix social engineering technique to distribute credential-stealing malware....

A new supply chain attack dubbed PhantomRaven has flooded the npm registry with malicious packages that steal credentials, tokens, and secrets during installation. The...

Unit 42 researchers have identified a sophisticated Windows-based malware family, Airstalk, that exploits legitimate mobile device management APIs to establish covert command-and-control channels. The malware...

Family West Health, a 25-bed facility, said it spotted a cyberattack this week that forced it to shut down IT systems. However, it confirmed...

The 10 typosquatted packages imitate discord.js, TypeScript and other popular packages. 

(Image credit: Shutterstock / mindea) Herodotus malware mimics human typing to evade timing-based antivirus detection Spread via SMS phishing, it installs silently using fake screens and...

Security researchers have disclosed a campaign of typosquatted npm packages that automatically execute on install and ultimately deliver a cross-platform credential stealer. According to researchers, the malicious packages were first published...

Image credit: Pixabay (Image credit: Future) Qilin ransomware uses WSL to run Linux encryptors stealthily on Windows systems Attackers bypass Windows defenses by executing ELF binaries inside...

IBM X-Force has identified a coordinated phishing campaign targeting Colombian users between August and October 2025 that leverages spoofed judicial communications to distribute the...