Microsoft

WhatsApp malware campaign delivers VBS payloads and MSI backdoors

A malware campaign uses WhatsApp messages to deliver VBS scripts that initiate a multi-stage infection chain. The attack ...
InfoQ

QCon London 2026: All Tech Debt is Not Created Equal

Joy Ebertz, Principal Engineer at Imprint, presented at QCon London 2026 a groundbreaking framework for prioritizing ...
Cybernews

Critical Python supply chain compromise: how library used by millions of AI developers got infected with malware

LiteLLM, a massively popular Python library, was compromised via a supply chain attack, resulting in the delivery of ...
Cybernews

Scammers run circles around sideloading restrictions with fake app stores

A massive scam campaign, dubbed FriendlyDealer, is using fake app stores to trick victims into installing bookmarks that act ...
DevPro Journal

Six mobile app security myths to forget in 2026

Security must be grounded in the “here and now” rather than implicitly clinging to the “tried and true” of yesterday.
CyberGuy

Hospital cyberattacks threaten patient safety

Hospital cyberattacks are surging. AI impersonation targets staff and patients. Here’s how to protect your medical identity ...
TechSpot

Hackers are selling a critical Windows zero-day exploit for $220,000 on the dark web

The big picture: A cybercriminal is reportedly selling a Windows zero-day exploit on the dark web for $220,000. The vulnerability, which targets Windows Remote Desktop Services, could allow an ...
CSO Online

Attackers exploit critical Langflow RCE within hours as CISA sounds alarm

Attackers weaponized critical RCE within hours, prompting CISA to add the flaw to its KEV catalog and set an urgent patch ...
Cloud Security Alliance

5 Retail Misconfigurations Attackers Exploit First

Five retail misconfigurations that expose customer data, from public file paths to misaligned identity policies and MFA gaps.

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...

DarkSword iOS exploit chain adopted by multiple threat actors: Report

Google Threat Intelligence Group (GTIG), Lookout Threat Labs, and iVerify published coordinated research in March 2026 on ...

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...