A sophisticated supply chain incursion has been documented within the Open VSX extension registry, precipitated by the illicit seizure of a developer’s credentials. Adversaries surreptitiously integrated malicious payloads into widely utilized development tools to...
ESET has disclosed the intricate technical specifications of an incursion involving a new data-wiping utility designated as DynoWiper. The incident compromised an energy sector entity in Poland, distinguished by its calculated focus on critical...
Analysts at Intrinsec have documented a surge in offensives leveraging the PhantomVAI loader, a utility architected upon the legacy RunPE framework and deployed in global cyber incursions. This instrument has surfaced concurrently across several...
A pronounced escalation in the activity of infrastructure tethered to the AsyncRAT remote access trojan has been meticulously documented across the global network. Analysis of pervasive telemetry reveals that the command-and-control (C2) servers of...
Authorities in South Korea and the nation’s preeminent financial institutions have intensified the integration of artificial intelligence to combat fraudulent machinations within the equity and cryptocurrency markets. This initiative primarily targets “pump and dump”...
For nearly half a year, the ubiquitous text editor Notepad++ inadvertently disseminated malicious payloads rather than legitimate refinements. This incursion remained veiled from June through December 2025, subverting the update mechanism of a utility...
The United States Department of Justice has released a new cache of materials pertaining to the Jeffrey Epstein litigation, among which lies a document harboring startling allegations regarding a potential cyber-clandestine dimension to his...
The burgeoning AI assistant ClawdBot has precipitously descended into the vortex of a sophisticated malware offensive. Cybersecurity analysts have unearthed hundreds of deceptive plug-ins masquerading as indispensable cryptocurrency trading utilities; in reality, these modules...
The lead developer of the ubiquitous text editor Notepad++ has disclosed a formidable security breach that compromised the application’s update mechanism. State-sponsored adversaries successfully intercepted the update verification process, clandestinely rerouting users toward malicious...
A stealthy security breach has compromised one of the most prominent open-source content management projects. An anonymous adversary surreptitiously injected malicious code into several GitHub repositories by forcibly overwriting the commit history—a maneuver where...
A critical sandbox escape vulnerability has been unearthed within the vm2 library—a utility frequently employed as a JavaScript sandbox for the execution of untrusted code within Node.js. This flaw, designated as CVE-2026-22709 with a...
Ivanti has disseminated remedial updates addressing two critical zero-day vulnerabilities within its Endpoint Manager Mobile (EPMM) platform. At the time of the patches’ release, these flaws were already being actively weaponized in the wild....