New ClickFix variant maps WebDAV drive to run trojanized WorkFlowy app, enabling stealth C2 beacon and payload delivery.

This simple script tamed my Downloads folder.

IntroductionOn March 1, 2026, ThreatLabz observed new activity from a China-nexus threat actor targeting countries in the Persian Gulf region. The activity took place within the first 24 hours of the ...

"Living Off the Land" attacks use built-in tools and processes instead of traditional malware.

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible ...

The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a ...

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

In addition to rolling out patches to address two zero-days affecting SQL Server and .NET, Microsoft introduced Common Log ...

We've heard a lot this month about Xbox's new Project Helix console and how it'll support both console and PC games, and the ...

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...

We, the members of the IEEE, in recognition of the importance of our technologies in affecting the quality of life throughout the world, and in accepting a personal obligation to our profession, its ...