DRILLAPP JavaScript backdoor targets Ukraine in Feb 2026, abusing Edge debugging features to spy via camera, microphone, and ...

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

Powered by the TypesScript-native runtime Bun, Electrobun improves Electron with a smaller application footprint and built-in ...

ThreatDown, the corporate business unit of Malwarebytes, today published research documenting what researchers believe to be ...

Researchers from Google LLC and two cybersecurity companies have identified a set of zero-day exploits in iOS 18. Google’s GTIG threat intelligence team, Lookout Inc. and iVerify Inc. published their ...

IntroductionThreat actors often take advantage of major global events to fuel interest in their malicious activities. Zscaler ThreatLabz is diligently tracking a surge in cybercriminal activity that ...

Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This ...

New ClickFix variant maps WebDAV drive to run trojanized WorkFlowy app, enabling stealth C2 beacon and payload delivery.

The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis.

The U.S. Department of Justice (DOJ) has begun releasing a large trove of documents related to convicted sex offender Jeffrey Epstein and his associates. The DOJ’s online archive, the Epstein library, ...

An extension I used almost every day was bought by a new owner and loaded up with spyware. It happened in 2024, but Google ...

Seemingly out of nowhere, the “Save image as Type” Chrome extension was marked for removal, with Google warning users ...