BlueNoroff hackers used fake Zoom calls, ClickFix prompts, and fileless PowerShell malware to steal credentials from Web3 and crypto targets.

Microsoft Incident Response investigated an attack operated through legitimate and trusted administrative mechanisms to blend ...

ClickFix scams trick users into infecting their own devices by following fake security and browser troubleshooting ...

CloudZ RAT exploits Phone Link since Jan 2026, stealing credentials and OTPs via Pheno plugin, bypassing 2FA protections.

A fake repo impersonating the OpenAI Privacy Filter model racked up 244,000 downloads in under 18 hours before Hugging Face ...

MuddyWater used Teams phishing in 2026 to steal credentials, enabling stealthy data exfiltration and persistence without ...

The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are ...

Exploitation of open-source tools allows attackers to maintain persistent access after initial social engineering, warn ...

RDP is really useful, but the default setup has no place on the public-facing internet.

Attackers aren't breaking into your house; they’re using your own spare key to hide in plain sight. We need to stop assuming that "legitimate" tools are always doing legitimate work.

A fake repository mimicking OpenAI’s Privacy Filter on Hugging Face accumulated ~244,000 downloads before being removed. It delivered a multi-stage Rust infostealer ...

OpenAI has published a technical explanation of its Windows sandbox for Codex, detailing a stricter local setup for the coding agent on developer PCs. Codex can still read broadly across a system, ...