ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface
Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI) assistant's implicit trust...
researchers
Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of...
Malicious npm Package Stole Files From Claude AI User Directory via GitHub
Ravie LakshmananMay 27, 2026Threat Intelligence / Supply Chain Attack Cybersecurity researchers have discovered a new malicious package on the npm...
Gitea Vulnerability Exposes Private Container Images without Authentication
Ravie LakshmananMay 27, 2026Vulnerability / Software Security Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform...
Webworm: New burrowing techniques
ESET researchers analyzed the 2025 activity of Webworm, a China-aligned APT group that started out targeting organizations in Asia, but...
Webworm: New burrowing techniques
ESET researchers analyzed the 2025 activity of Webworm, a China-aligned APT group that started out targeting organizations in Asia, but...
Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms
Ravie LakshmananMay 25, 2026Endpoint Security / Threat Intelligence Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that...
Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
Ravie LakshmananMay 23, 2026Supply Chain Attack / Malware Cybersecurity researchers have flagged a fresh software supply chain attack campaign that...
Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561...
Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor
Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a...
9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
Ravie LakshmananMay 21, 2026Linux / Vulnerability Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained...
Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that...
Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps
Ravie LakshmananMay 19, 2026Malvertising / Mobile Security Cybersecurity researchers have disclosed details of a new ad fraud and malvertising operation...
Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer
Ravie LakshmananMay 19, 2026Supply Chain Attack / Developer Security Cybersecurity researchers have flagged a compromised version of the Nx Console...
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the...