⚠️ Massive Supply-Chain Attack Targets Developers via Malicious npm Packages Security researchers have uncovered an active software supply-chain campaign spreading through the npm ecosystem that behaves like a self-propagating worm. The operation relies on at least 19 malicious packages designed…
⚠️ Why LLM Infrastructure Is Becoming a Major Security Risk As more organizations deploy their own Large Language Models (LLMs), the real danger is shifting away from the models themselves and toward the systems that surround them. To keep AI…
🛑 Cyber Threat Landscape 2026: Key Findings from New Research A newly released security study examining over 1.1 million malicious files and 15.5 million attack events reveals a major shift in attacker behavior. Roughly four out of five of the…
Researchers from the Chinese Academy of Sciences and Nanyang Technological University have unveiled a new defense system called AURA designed to protect valuable knowledge graphs used in advanced AI applications from theft and misuse. Instead of trying to block attackers…
A powerful new edition of the notorious LockBit ransomware is spreading across corporate networks, posing a serious threat to organizations around the globe. Dubbed LockBit 5.0, the updated strain expands its reach by attacking multiple operating systems, including Windows, Linux,…
Security researchers have uncovered a new social engineering campaign aimed at macOS users that delivers credential-stealing malware through a highly refined version of the ClickFix technique. The operation, dubbed “Matryoshka,” uses multiple layers of hidden code to slip past security…
Security researchers are warning of widespread exploitation targeting a severe remote code execution vulnerability in Ivanti Endpoint Manager Mobile (EPMM). The flaw, identified as CVE-2026-1281, allows attackers to take control of vulnerable systems without authentication and is already being used…
Cybercriminals are exploiting excitement around the Milano Cortina 2026 Winter Olympics by launching dozens of fraudulent online stores designed to steal shoppers’ money, payment details, and personal information. Security researchers warn that the campaign specifically targets fans searching for official…
A newly identified cyber espionage group has launched coordinated attacks against Ukrainian institutions using a previously undocumented malware strain known as CANFAIL, according to security researchers. The activity appears to focus on critical sectors tied to national security and infrastructure.…
Microsoft security researchers have uncovered an advanced evolution of the ClickFix social engineering technique, revealing how attackers are now using DNS requests to secretly pull malicious payloads onto victims’ computers. The new approach reduces reliance on typical web downloads, making…
