Ransomware criminals exploited CVE-2026-20131, a maximum-severity bug in Cisco Secure Firewall Management Center software, as a zero-day vulnerability more than a month before Cisco patched the hole, ...

Tracking pixels let social media companies spy on users even after they click over to advertiser sites, gleaning credit card info, geolocations, and more.

Magecart hides payload in favicon EXIF via third-party scripts, bypassing static analysis and stealing checkout data at runtime.

The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a ...

Your browser gives you up every time, and cookies are not the problem. One dead-simple trick takes back your privacy.

DRILLAPP JavaScript backdoor targets Ukraine in Feb 2026, abusing Edge debugging features to spy via camera, microphone, and ...

Recent social engineering schemes involving WordPress and Microsoft’s Windows Terminal show that this relatively basic tactic is a growing threat.

Unlike in Fulton County, Georgia, where actual ballots were seized, a federal grand jury subpoenaed digital data related to a partisan audit of the Maricopa County’s vote.

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...

Polyfill supply chain attack that hit more than 100,000 websites has now been linked to North Korean threat actors.

A malicious npm package disguised as a legitimate AI tool to install the virally popular OpenClaw, but designed to steal system passwords and crypto wallets, ...

ThreatDown, the corporate business unit of Malwarebytes, today published research documenting what researchers believe to be the first documented case of attackers abusing the Deno JavaScript runtime ...