Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

New ClickFix variant maps WebDAV drive to run trojanized WorkFlowy app, enabling stealth C2 beacon and payload delivery.

Powered by the TypesScript-native runtime Bun, Electrobun improves Electron with a smaller application footprint and built-in ...

ThreatDown, the corporate business unit of Malwarebytes, today published research documenting what researchers believe to be ...

House lawmakers were digging into Jeffrey Epstein’s sprawling financial portfolio Wednesday as a committee deposed his former ...

Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This ...

IntroductionThreat actors often take advantage of major global events to fuel interest in their malicious activities. Zscaler ThreatLabz is diligently tracking a surge in cybercriminal activity that ...

The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis.

Malicious Chrome extensions tied to ownership transfers push malware and steal data, exposing thousands to credential theft and system compromise.

A compromised Chrome extension with 7,000 users was updated to deploy malware, strip security headers, and steal cryptocurrency wallet seed phrases.

YouTube now hosts over 5 billion videos, with the equivalent of 500 hours of content uploaded every minute. Perhaps that's why YouTube is surpassing both Netflix ...

Browser-based version back on the menu, reopening questions about TDF's relationship with Collabora The Document Foundation (TDF) has pulled LibreOffice Online out of its "attic" – its term for ...