Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm
Ravie LakshmananFeb 02, 2026Developer Tools / Malware Cybersecurity researchers have disclosed details of a supply chain attack targeting the Open...
have
How secure are secrets vaults in cloud environments
Are You Overlooking Non-Human Identities in Cloud Security? Machine identities have emerged as critical components that require immediate attention and...
Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access
Cybersecurity researchers have discovered malicious Google Chrome extensions that come with capabilities to hijack affiliate links, steal data, and collect...
China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware
Cybersecurity researchers have discovered a new campaign attributed to a China-linked threat actor known as UAT-8099 that took place between...
A Lack of Spending Isn’t the Problem With Cloud Security, Structural Complexity Is
Organizations may have ramped up spending on cybersecurity but that hasn’t done much to keep defenders at least on pace with an...
Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan
ESET researchers have uncovered an Android spyware campaign leveraging romance scam tactics to target individuals in Pakistan. The campaign uses...
Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware
Cybersecurity researchers have flagged a new malicious Microsoft Visual Studio Code (VS Code) extension for Moltbot (formerly Clawdbot) on the...
Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution
Ravie LakshmananJan 28, 2026Vulnerability / Workflow Automation Cybersecurity researchers have disclosed two new security flaws in the n8n workflow automation...
Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan
Ravie LakshmananJan 28, 2026Supply Chain Security / Malware Cybersecurity researchers have discovered two malicious packages in the Python Package Index...
Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities
Ravie LakshmananJan 27, 2026Threat Intelligence / Cyber Espionage Indian government entities have been targeted in two campaigns undertaken by a...
ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services
Cybersecurity researchers have disclosed details of a new campaign that combines ClickFix-style fake CAPTCHAs with a signed Microsoft Application Virtualization...
Microsoft’s Patch Fixes Are Breaking Windows, Forcing a Second Emergency Update
Image: Clint Patterson/Unsplash Microsoft’s own fixes have become its biggest problem, forcing the company to issue a second emergency patch...
Beyond MFA: Building true resilience against identity-based attacks
Multi-factor authentication (MFA) remains a cornerstone of cybersecurity, but attackers have learned find workarounds.As identity-driven attacks continue to rise, organizations...
China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023
Ravie LakshmananJan 27, 2026Web Security / Malware Cybersecurity researchers have discovered a JScript-based command-and-control (C2) framework called PeckBirdy that has...
Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware
Ravie LakshmananJan 26, 2026Cyber Espionage / Malware Cybersecurity researchers have discovered an ongoing campaign that's targeting Indian users with a...
