Advertisement
Critical SimpleHelp Vulnerability Exploited for Malware Delivery
A critical vulnerability in SimpleHelp is actively exploited to deploy malware, targeting credentials, SSH keys, and crypto wallets. Immediate patching is essential.
Turla APT Deploys StockStay Backdoor in Ukraine Espionage Campaign
Russian APT Turla targets Ukrainian government and military entities with the custom StockStay backdoor for persistent access and cyber espionage.

Amadey & StealC Malware Infrastructure Disrupted, 27M Credentials Stolen
Law enforcement and private sector dismantled infrastructure for Amadey and StealC malware, leading to 27M stolen credentials recovery. Learn impact & defense.
Amadey & StealC Malware C2 Infrastructure Disrupted
Microsoft and global allies dismantle the shared C2 infrastructure of Amadey botnet and StealC info-stealer malware, disrupting ongoing cybercrime operations.
Amadey & StealC Malware Operations Disrupted by Operation Endgame
Operation Endgame, led by Europol and Microsoft, has disrupted infrastructure supporting Amadey and StealC info-stealer malware, impacting cybercriminal services.
Shai-Hulud Attack: Trojanized PyPI Packages Steal Developer Secrets
New Shai-Hulud supply chain attack compromises 19 science-focused PyPI packages, distributing malware to steal developer credentials and secrets.

npm Supply Chain Attack: IronWorm and Miasma Malware Analysis
Threat actors target npm developers with the IronWorm info stealer and Miasma worm, utilizing eBPF rootkits to exfiltrate secrets and ensure persistence.
Hola Browser for Windows Compromised: Cryptominer Delivery via Supply Chain
Critical alert: Hola Browser for Windows compromised in a supply chain attack, delivering an undeclared cryptominer. Learn to detect and mitigate the threat.

FortiClient EMS Critical Flaw Exploited for Credential Stealing
Threat actors are actively exploiting a critical, patched FortiClient EMS vulnerability to deploy credential-stealing malware, bypassing trusted endpoint security.

CVE-2026-26980: Ghost CMS SQL Injection Leads to ClickFix Attacks
Attackers exploit CVE-2026-26980 in Ghost CMS to compromise 700+ websites, deploying ClickFix malware that tricks users into executing malicious scripts.

GlassWorm Campaign Leverages Malicious VS Code Extensions
Runtime Rebel details the GlassWorm campaign, which infects developers via malicious Visual Studio Code extensions on Open VSX, facilitating a supply chain attack.
GlassWorm Malware: Cloned Open VSX Extensions Target Developers
Over 70 malicious Open VSX extensions cloned from popular tools deliver GlassWorm malware, highlighting risks in developer-focused supply chain attacks.