Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
Ravie LakshmananMay 18, 2026Supply Chain Attack / Botnet Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one...
researchers
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
Ravie LakshmananMay 15, 2026Vulnerability / AI Security Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that...
Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets
Cybersecurity researchers are sounding the alarm about what has been described as "malicious activity" in newly published versions of node-ipc....
18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
Ravie LakshmananMay 14, 2026Vulnerability / Web Server Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open,...
New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots
Ravie LakshmananMay 12, 2026Malware / Mobile Security Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan...
Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak
Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker...
Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads
Ravie LakshmananMay 08, 2026Android / Mobile Security Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for...
New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials
Ravie LakshmananMay 08, 2026Malware / Threat Intelligence Cybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that's...
PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems
Ravie LakshmananMay 07, 2026Threat Intelligence / Cloud Security Cybersecurity researchers have disclosed details of a new credential theft framework dubbed...
PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux
Ravie LakshmananMay 07, 2026Malware / Threat Intelligence Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository...
Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks
Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running Android Debug Bridge...
Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs
Ravie LakshmananMay 06, 2026Endpoint Security / Threat Intelligence Cybersecurity researchers have disclosed details of an intrusion that involved the use...
Indirect Prompt Injection Is Now a Real-World AI Security Threat
Last week, researchers at Google and Forcepoint reported that indirect prompt injection — a category of attack the security community...
Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks
Ravie LakshmananMay 01, 2026Malware / Social Engineering Cybersecurity researchers are warning of two cybercrime groups that are carrying out "rapid,...
China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists
Cybersecurity researchers have disclosed details of a new China-aligned espionage campaign targeting government and defense sectors across South, East, and...