Cybersecurity researchers have identified a targeted espionage-style malware campaign that uses GitHub Releases to conceal payload delivery, combining phishing, trusted cloud infrastructure and a ...
An APT group linked to the Iranian government pretended to be a Chaos ransomware affiliate in order to provide plausible deniability for geopolitical espionage and prepositioning, Rapid7 has claimed.
High-value organizations located in South, Southeast, and East Asia have been targeted by a Chinese threat actor as part of a years-long campaign. The activity, which has targeted aviation, energy, ...
In January 2026, Microsoft Defender Experts identified a new evolution in the ongoing ClickFix campaign. This updated tactic deliberately crashes victims’ browsers and then attempts to lure users into ...
Four distinct threat activity clusters have been observed leveraging a malware loader known as CastleLoader, strengthening the previous assessment that the tool is offered to other threat actors under ...
A ransomware operation targets Windows system administrators by taking out Google ads to promote fake download sites for PuTTY and WinSCP. WinSCP and PuTTY are popular Windows utilities, with WinSCP ...
A sophisticated ransomware campaign is targeting Windows system administrators by utilizing fake download sites for the popular utilities PuTTY and WinSCP. These utilities, essential for secure file ...
The Updater.exe process is a legitimate Google process. Starting with Chrome v123, GoogleUpdate.exe has been renamed to updater.exe and the location has changed. It’s the same program but with a ...
The BlackCat ransomware group (aka ALPHV) is running malvertising campaigns to lure people into fake pages that mimic the official website of the WinSCP file-transfer application for Windows but ...