Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets
Cybersecurity researchers have discovered half-a-dozen new Android malware families that come with capabilities to steal data from compromised devices and...
that
Smashing Security podcast #458: How not to steal $46 million from the US government
A Wikipedia security engineer accidentally wakes a dormant JavaScript worm that hadn’t stirred since 2024 – and within minutes, giant...
Researchers Trick Perplexity’s Comet AI Browser Into Phishing Scam in Under Four Minutes
Ravie LakshmananMar 11, 2026Artificial Intelligence / Browser Security Agentic web browsers that leverage artificial intelligence (AI) capabilities to autonomously execute...
Who Actually Owns This Service Account?
When that AWS service account gets compromised, who do you call?A question that shouldn't be hard. If you're in...
Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets
Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the...
Twitter suspended 800 million accounts last year – so why does manipulation remain so rampant?
X, Elon Musk's social media site that many people (me included) still prefer to call Twitter, has told British MPs...
Zero Trust for B2B SaaS: What Every Founder and CTO Needs to Know
There's a conversation that plays out in enterprise sales cycles thousands of times a day. A promising deal has...
Through the Lens of MDR: Analysis of KongTuke’s ClickFix Abuse of Compromised WordPress Sites
While the execution of the bytecode was not successful in our tests, we saw that it contains strings and a...
Welcome Our Newest Associate Participating Organizations
We are pleased to welcome the newest organizations that have joined as Associate Participating Organizations of the PCI Security Standards...
Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials
Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan...
How AI Assistants are Moving the Security Goalposts
AI-based assistants or “agents” — autonomous programs that have access to the user’s computer, files, online services and can automate...
How AI Assistants are Moving the Security Goalposts
AI-based assistants or “agents” — autonomous programs that have access to the user’s computer, files, online services and can...
The Chrome Extension Backdoor: How ‘Productivity Tools’ Became Enterprise Attack Vectors
In December 2024, millions of users woke up to find that their "productivity tool" Chrome extensions had transformed overnight...
Global coalition dismantles Tycoon 2FA phishing kit
Tycoon 2FA, a major phishing kit and platform that allowed low-skilled cybercriminals to bypass multifactor authentication and conduct large-scale adversary-in-the-middle...
ClickFix attackers using new tactic to evade detection, says Microsoft
“And all Windows computers should already be restricted so that random, unsigned (not signed by the organization), PowerShell commands should...
