The comments on some Steam Profiles are actually loaded with invisible malware.

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...

Your browser is more than just another app—it's your gateway to the web. We break down the strengths and weaknesses of today's top browsers to help you find the best fit for your needs.

Software Improvement Group (SIG), the global software consultancy behind the Sigrid® software portfolio governance platform, ...

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...

Lazarus Group has deployed RemotePE, a fully memory-resident trojan that is extremely hard for traditional antivirus and ...

Ghostwriter used Prometheus lures since spring 2026 to target Ukraine agencies, enabling malware delivery and data theft.

A legacy Windows scripting utility tied to Internet Explorer is still being used in modern malware campaigns, researchers say.

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems. One malicious ...

The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that's designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 ...

Cybercriminals use ErrTraffic tool to automate malware distribution through fake browser error messages, with attacks ...

From Discord and Teams to WhatsApp, Windows Search, the Start menu, and even the new Agenda view in Notifications Center, Windows 11 keeps doubling down on web junk, and it’s getting so out of control ...