TL;DR  Introduction  At the start of this year, I wrote a blog on how 2025 was the ‘year of the infostealer’, and it doesn’t ...

FortiClient EMS flaw CVE-2026-35616 enabled malware delivery via fake updates, risking credential theft across endpoints.

The PureLogs module targeted a wide range of browsers, including Google Chrome, Microsoft Edge, Brave, Opera, Yandex Browser, Mozilla Firefox, Waterfox and LibreWolf. It also scanned Discord ...

New Malware Campaign Uses Google DoubleClick Links to Evade Detection ...

I switched to WSL 2 and finally stopped feeling locked into Windows — here's why that changes everything.

Attackers are increasingly abusing legitimate system utilities and widely used administrative tools to deliver malware, move through networks and avoid detection, forcing security teams to rethink ...

China is stealing data from high-value targets via a sneaky, double-layer spear-phishing campaign that includes the Azureveil ...

A likely Russian threat cluster tracked as GreyVibe has been targeting Ukrainian entities with AI-generated lures and a rich set of custom malware tools.

CVE-2026-35616, a FortiClient EMS zero-day vulnerability patched in April, has been exploited in fresh infostealer attacks.

Threat actors are targeting systems with high-performance computers in an ongoing cryptojacking campaign spread through a coordinated SEO poisoning operation that also manipulated AI chatbot ...

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...

Lazarus Group has deployed RemotePE, a fully memory-resident trojan that is extremely hard for traditional antivirus and forensic tools to detect.