Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social ...

The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp.

The Bluekit phishing-as-a-service platform continues to evolve with nearly 70 new hostnames identified over the past week and ...

Operation Endgame malware takedown seized 326 servers, froze $47M in criminal cryptocurrency, and recovered 27 million stolen ...

Offline desktop client for the Zamunda.RIP archive (Zamunda.NET + ArenaBG + Zelka.org). Cross-platform Electron app, ships with a full SQLite snapshot of the archive baked into the installer — works ...

The Windows-based CryptoBandits cryptocurrency clipper blends data exfiltration and remote code execution in a backdoor.

IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

The malware blends data theft with remote code execution, “turning a financially motivated stealer into a lightweight backdoor,” Microsoft said. Microsoft Threat Intelligence is warning Windows users ...

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...

The popular Mastra AI framework, used to build artificial intelligence agents, workflows and retrieval-augmented generation ...