ACR Stealer campaigns use ClickFix lures, JPEG steganography, and WebDAV to steal browser tokens, passwords, PDFs, and synced ...
New TELEPUZ malware spreads through ClickFix, then steals browser cookies, logs keystrokes, runs commands, and installs ...
A large-scale phishing operation has been observed disguising a malicious script as a TrueType font file (.tff). Using the ...
Bitdefender researchers show how Windows bind links can create conflicting filesystem views to hide malware from endpoint ...
Researchers reported the flaw to Cursor in December, but it still remains in the popular AI coding platform and can be used ...
From late April 2026 to mid-June 2026, Microsoft Defender Experts observed increased ACR Stealer activity across customer ...
A financially motivated Russian threat actor tracked as UAT-11795 is using trojanized software to steal credentials and ...
One of the Russian government’s most elite hacking groups has adopted an attack, known as Clickfix, to compromise devices ...
A new malicious framework called OkoBot is delivering more than 20 payloads in attacks focused on stealing cryptocurrency ...
Threat actors compromised AsyncAPI packages and weaponized trusted CI/CD workflows to distribute malware through npm. This ...
Visual Studio Code 1.129 adds a dedicated process for running AI agent sessions and an experimental docked editor for reviewing agent-generated changes.