Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This ...
A new technique dubbed "Zombie ZIP" helps conceal payloads in compressed files specially crafted to avoid detection by security solutions such as antivirus and endpoint detection and response (EDR) ...
Is this a virus? Classic ZIP bombs and other archive-based tricks have long given cybercriminals a convenient way to sneak malware onto unsuspecting systems. A newly documented technique claims to go ...
Storm-2561 spreads fake VPN installers via SEO poisoning and GitHub downloads, stealing enterprise VPN credentials with Hyrax malware.
That initial tool, called Jmail, allows users to wade through Epstein’s seemingly endless email correspondence in a Gmail-style interface. To build it, Walz and Igel used Google’s Gemini AI to run ...
It is one thing most people forget. Deleting files inside Google Drive doesn’t immediately free up space. They are moved to ...
Distributed through over 100 GitHub repositories, the BoryptGrab stealer targets browser, wallet, system, and other user data ...
New ClickFix variant maps WebDAV drive to run trojanized WorkFlowy app, enabling stealth C2 beacon and payload delivery.
The financially motivated group has been active since May 2025, impersonating Fortinet, Ivanti, Cisco, and other vendors to steal corporate credentials.
Amazon has just changed the encryption used for Kindle books on older e-readers without a software update. Any Kindle with ...
Hackers can change a single byte to insert malware undetected, disguising it as an apparently corrupted ZIP file, a technique dubbed Zombie ZIP. A security researcher demonstrated this by tricking Windows Defender and ...
BlackSanta is a malware module that kills EDR and AV at the kernel level prior to unleashing the malware’s final purpose.