Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other sensitive data.

Anyone who has clicked a checkbox to confirm they are not a robot may now be one keystroke sequence away from handing over ...

The Windows-based CryptoBandits cryptocurrency clipper blends data exfiltration and remote code execution in a backdoor.

North Korea-linked ScarCruft uses fake Microsoft Account alerts and ZIP files to deliver NarwhalRAT, a Python RAT built for ...

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

Attackers hijacked 400+ Arch Linux AUR packages to run a Rust credential stealer, with optional eBPF rootkit support on root ...

Attackers hijacked over 1,500 packages in Arch Linux's AUR to plant a credential stealer. The official repos are safe, but the trust model took the hit.

Discover how malware scams on Android devices are targeting senior citizens, leading to significant financial losses in ...

The FTC warns of a phishing scam using fake CAPTCHA pages to install malware, risking personal data theft. Be cautious of ...

Clicking a captcha "I am not a robot" box and identifying images to prove it is second nature for many internet users. Now, cybercriminals are exploiting people's comfort with the routine to scam them ...

OnyxC2 is a sophisticated malware-as-a-service platform that delivers stealthy credential theft, remote control, and ...