Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.

A new breed of malware uses various dynamic techniques to avoid detection and create customized phishing webpages.

Threat actors behind the campaign are abusing Microsoft Visual Studio Code’s trusted workflows to execute and persist ...

North Korean hackers abuse Visual Studio Code task files in fake job projects to deploy backdoors, spyware, and crypto miners ...

Web skimming campaigns use obfuscated JavaScript code to steal credit card data from checkout pages without detection by ...

The vast majority (82%) of ethical hackers now use AI in their workflows, enabling companies to benefit from faster findings, more assessments, broader security coverage and higher quality reporting, ...

New WhatsApp Web attack spreads self-propagating ZIP files containing Astaroth banking malware through trusted conversations.

Since 2022, the firm argued, cybercrime has entered a fifth wave, which it called “weaponized AI.” ...

Officials of Ukraine's Defense Forces were targeted in a charity-themed campaign between October and December 2025 that delivered backdoor malware called PluggyApe.

A single developer built a Linux malware framework in less than a week using artificial intelligence, said security ...

GootLoader malware operators use deceptive installers, malicious ISO files, and browser hijacking to deliver ransomware and ...