ClickFix uses fake CAPTCHAs and a signed Microsoft App-V script to deploy Amatera stealer on enterprise Windows systems.

The latest series of attacks began with phishing: a potential victim was offered to download "important working documents" from a link that looked like a Telegram file storage. Clicking on such a link ...

A multi-stage phishing campaign targeting Russia abuses GitHub and Dropbox to disable Microsoft Defender and deploy Amnesia ...

A new malicious campaign mixes the ClickFix method with fake CAPTCHA and a signed Microsoft Application Virtualization (App-V ...

A malvertising campaign is using a fake ad-blocking Chrome and Edge extension named NexShield that intentionally crashes the ...

Malicious actors are now injecting malicious codes into legitimate projects to steal digital assets from unsuspecting users. According to reports, cybersecurity researchers have uncovered a ...

A new report out today from cloud-native application security firm Sysdig Inc. details one of the first instances of a large language model being weaponized in an active malware campaign. Discovered ...

Chrome extensions are supposed to make your browser more useful, but they've quietly become one of the easiest ways for attackers to spy on what you do online. Security researchers recently uncovered ...

Two critical remote code execution vulnerabilities in the Model Context Protocol (MCP) ecosystem have laid bare the hidden risks lurking in what's quickly becoming AI's new backbone infrastructure.

A new pair of malicious Visual Studio Code extensions capable of harvesting screenshots, browser sessions and stored credentials has been discovered by cybersecurity researchers. The extensions, ...