Tycoon2FA phishing kit targets Microsoft 365 with new tricks
Phishing-as-a-service (PhaaS) platform Tycoon2FA, known for bypassing multi-factor authentication on Microsoft 365 and Gmail accounts, has received updates that improve…
AI-hallucinated code dependencies become new supply chain risk
A new class of supply chain attacks named 'slopsquatting' has emerged from the increased use of generative AI tools for…
Hackers abuse WordPress MU-Plugins to hide malicious code
Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page while evading detection.…
Infostealer campaign compromises 10 npm packages, targets devs
Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers'…
FBI warnings are true—fake file converters do push malware
The FBI is warning that fake online document converters are being used to steal people's information and, in worst-case scenarios,…
VSCode extensions found downloading early-stage ransomware
Two malicious VSCode Marketplace extensions were found deploying in-development ransomware from a remote server, exposing critical gaps in Microsoft's review…
Western Alliance Bank notifies 21,899 customers of data breach
Arizona-based Western Alliance Bank is notifying nearly 22,000 customers their personal information was stolen in October after a third-party vendor's…
ClickFix: How to Infect Your PC in Three Easy Steps
A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed…
ClickFix attack delivers infostealers, RATs in fake Booking.com emails
Microsoft is warning that an ongoing phishing campaign impersonating Booking.com is using ClickFix social engineering attacks to infect hospitality workers…
Lazarus hacked Bybit via breached Safe{Wallet} developer machine
Forensic investigators have found that North Korean Lazarus hackers stole $1.5 billion from Bybit after hacking a developer's device at…