Securonix uncovers the Veil#Drop malware framework, which abuses compromised websites and Google Blogspot to deploy the PureLog information stealer.
A practitioner's breakdown of the CSRF attack: how the forged request works, two documented exploits, a manual test, and the ...
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
Polymarket has built an entire business on predicting the future. So how did it manage to spectacularly fail to predict its own hack? Plus, the Google engineer with a million-dollar ...
A SimpleHelp authentication flaw is being exploited to deploy Djinn Stealer, a cross-platform malware targeting cloud, ...
The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp.
A fake Pearcleaner website is reportedly targeting Mac users with an infostealer-style attack, while the real app remains ...
The Gaslight macOS malware from a North Korean cluster doesn't bypass AI analysis platforms yet, but its 38-message prompt injection cascade makes the direction of travel clear. Here's why this ...
SentinelOne details Gaslight, a Rust-based macOS implant linked to North Korea-aligned actors that uses prompt injection to ...
Operation Endgame malware takedown seized 326 servers, froze $47M in criminal cryptocurrency, and recovered 27 million stolen ...
Microsoft on Wednesday said it has disrupted infrastructure tied to StealC and Amadey, two widely used cybercrime tools that the company says have become part of a broader malware supply chain used to ...