Malware

Cybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake CAPTCHA verification tricks to dupe unsuspecting users into sending international text messages that incur charges on their…

Cybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran’s nuclear program by destroying uranium enrichment centrifuges. According to a…

Ravie LakshmananApr 25, 2026Network Security / Infrastructure Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency’s Cisco Firepower device running Adaptive Security Appliance (ASA) software was compromised in September 2025…

The AI Agent Authority Gap – From Ungoverned to Delegation As discussed in our previous article, AI agents are exposing a structural gap in enterprise security, but the problem is…

Half a million Britons signed up to help cure cancer. Their data ended up for sale on Alibaba. The UK Biobank charity informed the British government of an incident concerning…

Ravie LakshmananApr 24, 2026Malware / Threat Intelligence Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation…

Roblox has long faced criticism over child safety on its platform. Now it has started settling with state attorneys over the issue, and the total is climbing fast. On April…

A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts. “As with…

If you use the internet, you’ve likely been affected by cybercrime in some way. Even when an attack is aimed at a company, the fallout usually lands on ordinary people….

Ravie LakshmananApr 23, 2026Supply Chain Attack / Open Source Bitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign, according to new findings…

Apple has released a software update that deals with an issue that could allow deleted notifications to be retrieved. Something that, in at least one reported case, was used by…

Ravie LakshmananApr 23, 2026Vulnerability / Encryption Apple has rolled out a software fix for iOS and iPadOS to address a Notification Services flaw that stored notifications marked for deletion on…

Security researchers have linked a new macOS malware campaign to the Lazarus Group, the North Korea-linked hacking operation behind some of the crypto industry’s biggest thefts. Flagged on Tuesday, the…

Security researcher Alexander Hanff wrote an article titled Anthropic secretly installs spyware when you install Claude Desktop. Claims like that are bound to create two sides, so we searched for…

Ravie LakshmananApr 22, 2026Cloud Security / Software Security Cybersecurity researchers have warned of malicious images pushed to the official “checkmarx/kics” Docker Hub repository. In an alert published today, software supply…

During our threat hunting, we found a campaign using the same malware loader from our previous research to deliver a different threat: Needle Stealer, data-stealing malware designed to quietly harvest…

Ravie LakshmananApr 22, 2026Malware / Critical Infrastructure Cybersecurity researchers have discovered a previously undocumented data wiper that has been used in attacks targeting Venezuela at the end of last year…

Ravie LakshmananApr 22, 2026Cyber Espionage / Malware Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that’s distributed via a theme related to India’s banking sector….