Adobe Reader zero-day exploited since Dec 2025 via malicious PDFs, enabling data theft and potential RCE, prompting urgent ...

Fake CAPTCHA pages can install the StealC infostealer. Don't paste or run commands; disconnect and change passwords.

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how quickly a compromised package can propagate through the ecosystem.

The maintainer account for the axios package on npm was compromised to inject a remote access trojan for Windows, macOS, and Linux.

Malwarebytes warns that a fake Microsoft support site is distributing password-stealing malware through a spoofed Windows ...

The popular JavaScript HTTP client Axios has been compromised in a supply chain attack, exposing projects to malware through malicious npm releases. Security researchers from StepSecurity identified ...

Adobe has released a fix for an Acrobat and Reader zero-day that attackers had been exploiting for months. The patch, shipped on April 11, addresses CVE-2026-34621, a critical vulnerability in Acrobat ...

Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting ...

Phishing surge, LinkedIn tracking claims, spyware use, and rising stealers expose growing abuse of trusted systems.

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...

Have you been playing Connections, the super fun word game from the New York Times that has people sharing those multi-colored squares on social media like they did with Wordle? It’s pretty fun and ...