General cybersecurity industry news, market trends, and analysis
Hundreds of GitHub accounts were accessed using credentials stolen in the VS Code GlassWorm campaign.
ClickFix campaigns spread MacSync macOS infostealer via malicious Terminal commands since Nov 2025, targeting AI tool users and developers.
DRILLAPP JavaScript backdoor targets Ukraine in Feb 2026, abusing Edge debugging features to spy via camera, microphone, and screen capture.
Initial evidence indicates Iran may be behind the attack, but officials admitted it could be a false flag.
Android 17 blocks non-accessibility apps from the Accessibility API in Advanced Protection Mode, reducing malware abuse and the attack surface.
Personal information such as names, email addresses, and phone numbers was accessed by hackers.
CNCERT warns OpenClaw AI agent has weak defaults enabling prompt injection and data leaks, prompting China to restrict use on government systems.
GlassWorm campaign used 72 malicious Open VSX extensions and infected 151 GitHub repositories, enabling stealth supply-chain attacks on developers.
The vulnerability can be exploited remotely, without authentication, to circumvent existing authentication controls.
The excitement around Cisco's latest SD-WAN bugs has inspired some light fraud, misunderstandings, and overlooked risks.
Threat actors target nonprofits due to security gaps and highly coveted information, but a lack of sufficient data makes it difficult to grasp the entire picture.
China-linked CL-STA-1087 targets Southeast Asian militaries since 2020 using AppleChris and MemFun for espionage and credential theft.
