CastleRAT and CastleLoader, active since March 2025, spread malware via phishing and GitHub repos, enabling data theft.

Pro tip, don't install PowerShell commands without approval A team of data thieves has doubled down by developing its ...

Security researchers found malware packages using the Ethereum blockchain to conceal malicious commands on GitHub repos.

ReversingLabs reveals hackers using Ethereum Smart contracts in NPM packages to conceal malware URLs, bypass scans, and ...

IntroductionAPT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima) is a North Korean-aligned threat actor active since at least 2012. APT37 primarily targets South Korean individuals ...

Cybercriminals have invented an insidious way to seize control of vulnerable AIs, and the models you use on your phone or ...

Hackers exploit X’s Grok AI to spread malware via promoted ads, exposing millions to malicious links in a scheme researchers ...

Cybersecurity firm HiddenLayer uncovers a “CopyPasta License Attack” that exploits Coinbase’s favored AI coding tool, Cursor.

Russia's APT28 tested LLM-powered malware on Ukraine. The same tech that breaches enterprises is now selling for $250/month on the dark web.

At Def Con, you can see live how vishing works. Surprisingly often, attackers obtain even the most important company information by telephone.

Threat actors are leveraging a Unicode character to make phishing links appear like legitimate Booking.com links in a new campaign distributing malware. The attack makes use of the Japanese ...