FortiClient EMS Critical Flaw Exploited for Credential Stealing
Threat actors are actively exploiting a critical, patched FortiClient EMS vulnerability to deploy credential-stealing malware, bypassing trusted endpoint security.

CVE-2026-26980: Ghost CMS SQL Injection Leads to ClickFix Attacks
Attackers exploit CVE-2026-26980 in Ghost CMS to compromise 700+ websites, deploying ClickFix malware that tricks users into executing malicious scripts.

GlassWorm Campaign Leverages Malicious VS Code Extensions
Runtime Rebel details the GlassWorm campaign, which infects developers via malicious Visual Studio Code extensions on Open VSX, facilitating a supply chain attack.

GlassWorm Malware: Cloned Open VSX Extensions Target Developers
Over 70 malicious Open VSX extensions cloned from popular tools deliver GlassWorm malware, highlighting risks in developer-focused supply chain attacks.

GlassWorm Malware Resurfaces via 73 OpenVSX Sleeper Extensions
A new GlassWorm campaign exploits the OpenVSX ecosystem with 73 'sleeper' extensions, posing a significant supply chain threat to developers.

AgingFly Malware: Credential Theft Operations Against Ukraine
Analysis of AgingFly malware, a new threat observed actively targeting Ukrainian government and hospital entities to steal credentials from Chromium browsers and

Trojanized CPU-Z and HWMonitor Distributed via CPUID Site Hack
Russian-speaking threat actors compromised the CPUID website to distribute STX RAT through trojanized versions of CPU-Z and HWMonitor diagnostic tools.

North Korean Hackers Distribute 1,700 Malicious Packages via npm and PyPI
North Korean threat actors expand the Contagious Interview campaign, deploying 1,700 malicious packages across npm, PyPI, Go, and Rust ecosystems.

Fake GitHub Repositories Deliver Vidar Infostealer via Claude Leak
Threat actors are exploiting the Claude Code leak, deploying fake GitHub repositories to distribute Vidar infostealer malware, targeting unsuspecting developers and

NoVoice Android Malware on Google Play: 2.3 Million Devices Infected
NoVoice Android malware, disguised in over 50 Google Play apps, infected 2.3 million devices, exhibiting aggressive adware and subscription fraud.

DeepLoad Malware: Analysis of ClickFix Attacks and Mitigation
DeepLoad malware, observed in ClickFix attacks, steals credentials, installs malicious browser extensions, and propagates via USB drives. Learn TTPs and defense

WhatsApp VBS Malware Bypasses UAC to Hijack Windows Systems
Microsoft warns of a new campaign distributing VBS malware via WhatsApp, exploiting UAC bypass to establish persistence and remote access on Windows systems, starting