It begins with a follow request. An 18-year-old male accepts one on Instagram from an attractive female stranger. She likes ...
A large-scale phishing operation has been observed disguising a malicious script as a TrueType font file (.tff). Using the ...
The app is designed for people who want to create social content, but find traditional video editing tools too complex or ...
Threat actors compromised AsyncAPI packages and weaponized trusted CI/CD workflows to distribute malware through npm. This ...
New TELEPUZ malware spreads through ClickFix, then steals browser cookies, logs keystrokes, runs commands, and installs ...
Attackers were found using a Lua-based malware loader posing as a TrueType font tile, with layered obfuscation and fileless ...
A new macOS malware named ClickLock Stealer leverages social engineering and process killing to bypass the operating system’s ...
CrashStealer, a newly documented Mac infostealer, used an Apple-notarized meeting app to reach victims before stealing ...
Stolen and leaked credentials lead to Node.js packages from AsyncAPI and Jscrambler Code Integrity being poisoned with ...
A threat actor has published hundreds of fake GitHub repositories impersonating legitimate software and security projects to ...
Daxin resurfaces at a Taiwan manufacturer alongside Stupig, a new backdoor that runs SYSTEM commands before sign-in through ...
A new macOS stealer has been observed pairing the paste-a-command social engineering of a ClickFix lure with a coercion ...