PyPI unverified 1,800 emails since June 2025 to block expired-domain attacks, strengthening open-source supply chain security ...

Noodlophile stealer targets enterprises via copyright phishing since 2024, using Gmail, Dropbox, and Telegram for evasion.

PipeMagic is a plugin-based modular malware that uses a domain hosted on the Microsoft Azure cloud provider to stage the ...

PyPI malware termncolor and colorinal downloaded 884 times exploit DLL side-loading, persistence, and C2 communication.

Deepfake CFO scam stole $25.6M via fake video calls, proving adversarial AI is redefining identity fraud risks.

1Password Device Trust is one example of a zero trust solution that blocks a device from authenticating to company SaaS apps ...

UAT-7237 exploits unpatched Taiwan servers using SoundBill, Cobalt Strike, and SoftEther VPN for persistent control.

U.S. sanctions Garantex, successor Grinex, after $100M illicit crypto flow fuels ransomware and sanctions evasion.

ERMAC was first documented by ThreatFabric in September 2021, detailing its ability to conduct overlay attacks against ...

The vulnerability, assigned the CVE identifier CVE-2025-20265 (CVSS score: 10.0), affects the RADIUS subsystem implementation ...

EncryptHub exploits CVE-2025-26633 with social engineering and rogue MSC files, delivering Fickle Stealer malware.

The policy applies to markets like Bahrain, Canada, Hong Kong, Indonesia, Israel, Japan, the Philippines, South Africa, South ...