Malware

Your attack surface no longer lives on one operating system, and neither do the campaigns targeting it. In enterprise environments, attackers move across Windows endpoints, executive MacBooks, Linux infrastructure, and mobile devices, taking…

Ravie LakshmananApr 06, 2026Ransomware / Endpoint Security Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own vulnerable driver (BYOVD) technique to silence security tools running on compromised…

Big news: Lock and Code is nominated for a Webby Award! You can help us win the People’s Voice Award by voting here. This week on the Lock and Code…

Drift has revealed that the April 1, 2026, attack that led to the theft of $285 million was the culmination of a months-long targeted and meticulously planned social engineering operation undertaken by the…

Ravie LakshmananApr 05, 2026Malware / DevSecOps Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to…

As layoffs surge and job seekers flood the market, phishing campaigns impersonating major brands, including Coca-Cola and Ferrari, are ramping up—and they’re more sophisticated than ever. The first scam we…

A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal targeting in the region. The campaign has been attributed to TA416, a…

While we can probably all agree that there is more than enough proof that social media is bad for the mental health of our children, the methods we are trying…

Ravie LakshmananApr 03, 2026Linux / Server Hardening Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution,…

Ravie LakshmananApr 03, 2026Mobile Security / Threat Intelligence Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year…

Ravie LakshmananApr 02, 2026Vulnerability / Threat Intelligence A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web…

Apple widened its latest iOS 18 security update to cover far more iPhones and iPads, specifically to stop real‑world DarkSword attacks that can compromise a device from a single website…

Ravie LakshmananApr 02, 2026Cybersecurity / Hacking News The latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No corporate fluff or boring lectures here, just…

Ravie LakshmananApr 02, 2026Surveillance / Mobile Security Meta-owned messaging platform WhatsApp said it alerted about 200 users who were tricked into installing a bogus version of its iOS app that…

People lost an estimated $442 billion to scams last year worldwide, according to the Global Anti-Scam Alliance. The scale of that is hard to picture, but people’s day-to-day scam experience…

For the careful VPN customer today, so much depends upon a privacy promise, made, too often, by a company without proof.   No-logs policies, modern encryption algorithms, a refusal to store sensitive customer information, and full ownership…

The Internet is filled with people who insist on being right. In the past, at least they could be reasonably sure that they were arguing with other humans. Those days…

Microsoft researchers found a campaign that abuses WhatsApp attachments to sneak a script onto Windows machines which will lead to the attacker gaining remote control. WhatsApp offers a desktop application…

Ravie LakshmananApr 01, 2026Email Security / Artificial Intelligence The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a new phishing campaign in which the cybersecurity agency itself…

Ravie LakshmananApr 01, 2026Social Engineering / Malware Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. The activity,…

Ravie LakshmananApr 01, 2026Threat Intelligence / Software Security Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity…

Stanford computer scientists just proved what therapists already suspected: AI chatbots will agree with almost anything you say to keep you happy. The researchers caught these systems validating dangerous decisions…

Ravie LakshmananMar 31, 2026Mobile Security / Compliance Google on Monday said it’s officially rolling out Android developer verification to all developers to combat the problem of bad actors distributing harmful…

Researchers found that compromised Axios versions installed a Remote Access Trojan. Axios is a promise-based HTTP Client for node.js, basically a helper tool that developers use behind the scenes to let apps…

Ravie LakshmananMar 31, 2026Cloud Security / AI Security Cybersecurity researchers have disclosed a security “blind spot” in Google Cloud’s Vertex AI platform that could allow artificial intelligence (AI) agents to…

The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency. Versions 1.14.1 and 0.30.4…

A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new findings from Check Point. “A single malicious prompt…

Rumor has it that Apple deployed a new security feature in the fight against ClickFix. The new feature will be available for macOS Tahoe 26.4 and it will warn Mac users…

Ravie LakshmananMar 30, 2026Threat Intelligence / Browser Security A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to…