Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT
Ravie LakshmananJun 23, 2026Supply Chain Attack / Developer Security Cybersecurity researchers have discovered a set of malicious npm packages that...
Hacking
Category Added in a WPeMatico Campaign
Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT
Ravie LakshmananJun 23, 2026Supply Chain Attack / Developer Security Cybersecurity researchers have discovered a set of malicious npm packages that...
WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool
Ravie LakshmananJun 23, 2026Malware / Social Engineering Direct messages sent via WhatsApp are being used to distribute malicious Visual Basic...
WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool
Ravie LakshmananJun 23, 2026Malware / Social Engineering Direct messages sent via WhatsApp are being used to distribute malicious Visual Basic...
OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws
OpenAI on Monday said it's releasing an improved version of its GPT‑5.5‑Cyber model to trusted defenders as part of the...
ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack
Ravie LakshmananJun 22, 2026Supply Chain Attack / Malware Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack...
Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants
Ravie LakshmananJun 22, 2026AI Security / Vulnerability Cybersecurity researchers have disclosed details of four vulnerabilities in Dify, an open-source agentic...
29-Year-Old Squid Proxy Bug ‘Squidbleed’ Can Leak Cleartext HTTP Requests
Swati KhandelwalJun 22, 2026Vulnerability / Server Security A heap over-read in the Squid web proxy can leak another user's cleartext...
New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer
Ravie LakshmananJun 22, 2026Malvertising / Endpoint Security Cybersecurity researchers have disclosed details of a new campaign that delivers CastleStealer by...
Google Sets Sept. 30 Deadline for Android Developer Verification in Four Countries
Swati KhandelwalJun 22, 2026Mobile Security / Open Source Google has set September 30, 2026, as the day it begins enforcing Android...
Stop Your Legacy Infrastructure from Hijacking Your AI Agents
Earlier this month, I spoke at the Gartner Security & Risk Management Summit about a blind spot most security programs...
Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices
Canada's spy service got a judge's permission to reach into infected servers, home routers, and IoT gear sitting on Canadian...
AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network
Swati KhandelwalJun 22, 2026IoT Security / Vulnerability A new malware family is turning forgotten home routers into a distributed reconnaissance...
INTERPOL Warns Phishing, Ransomware, and AI Scams Are Rising Across Asia-Pacific
Ravie LakshmananJun 22, 2026Cybercrime / Artificial Intelligence A new report from INTERPOL has revealed a "dramatic increase" in cybercrime in...
Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys
Ravie LakshmananJun 20, 2026Vulnerability / Web Security Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a...
