Water Saci has upgraded its self-propagating malware to compromise banks and cryptocurrency exchanges by targeting enterprise users of the popular chat app.
North Korean attackers have delivered more than 197 malicious packages with 31K-plus downloads since Oct. 10, as part of ongoing state-sponsored activity to compromise software developers.
The latest attack from the self-replicating npm-package poisoning worm can also steal credentials and secrets from AWS, Google Cloud Platform, and Azure.
A malware campaign presents fake websites that can check if a visitor is a potential victim or a security researcher, and then proceed accordingly to defraud or evade.
A public dataset and platform-agnostic analysis tool aim to help organizations in the fight against Apple-targeted malware, which researchers say has lacked proper attention.
A campaign against Microsoft 365 users leverages Quantum Route Redirection, which simplifies previously technical attack steps and has affected victims across 90 countries.
Konni, a subset of the state-sponsored DPRK cyberespionage group, first exploits Google Find Hub, which ironically aims to protect lost Android devices, to remotely wipe devices.
Attackers compromise hospitality providers with an infostealer and RAT malware and then use stolen data to launch phishing attacks against customers via both email and WhatsApp.
Attackers are already targeting a vulnerability in the Post SMTP plug-in that allows them to fully compromise an account and website for nefarious purposes.
Reconnaissance and BEC are among the malicious activities attackers commit after compromising cloud accounts, using a framework based on the TruffleHog tool.
Infamous botnets like Mirai are exploiting Web-exposed assets such as PHP servers, IoT devices, and cloud gateways to gain control over systems and build strength.
Two campaigns targeting fintech execs and Web3 developers show the APT going cross-platform in financially motivated campaigns that use fake business collaboration and job recruitment lures.
The attack by one of the most impactful RaaS groups active today demonstrates an evasion strategy that can stump defenses not equipped to detect cross-platform threats.
A persistent cyber-espionage campaign focused on SQL servers is targeting government, industrial, and financial sectors across Asia, Africa, and Latin America.
The sophisticated worm — which uses invisible code to steal credentials and turn developer systems into criminal proxies — has so far infected nearly 36k machines.