A new campaign dubbed 'GhostPoster' is hiding JavaScript code in the image logo of malicious Firefox extensions counting more ...

Over the weekend, ​Google's threat intelligence team linked five more Chinese hacking groups to attacks exploiting the ...

Researchers detail JS#SMUGGLER, a multi-stage web attack using JavaScript, HTA, and PowerShell to deploy NetSupport RAT on ...

One particularly sneaky scam is a browser-in-the-browser (BitB) attack, in which threat actors create a fake browser window that looks like a trusted single sign-on (SSO) login page within a real ...

Researchers detail new AI and phishing kits that steal credentials, bypass MFA, and scale attacks across major services.

Hackers are exploiting a vulnerability in React to inject wallet-draining malware into cryptocurrency websites.

React vulnerability CVE-2025-55182 exploited by crypto-drainers to execute remote code and steal funds from affected websites ...

As exploitation activity against CVE-2025-55182, researchers are finding some exploits contain bypasses for Web application firewall (WAF) rules.

A fast-moving spyware campaign has forced Apple, Google and the U.S. government into an unusually coordinated response, as ...

After nearly four years of fighting, few aspects of Russia’s war in Ukraine have gained as much attention among Western militaries as the rapid expansion of drone warfare. Since 2023, both sides have ...

Since September, the Trump administration has conducted over 20 lethal strikes on vessels in the Caribbean and the eastern Pacific, alleging that the boats were carrying drugs from South America. The ...

North Korean hackers intensify their efforts against blockchain and Web3 developers, using nearly 200 malicious npm packages ...