A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

PowerShell can do far more than most users realize. Explore 10 hidden capabilities that save time, improve reporting, and supercharge your workflow.

Malicious Chrome extensions tied to ownership transfers push malware and steal data, exposing thousands to credential theft ...

APT28’s Operation MacroMaze used macro-laced documents and webhook.site to exfiltrate data across Europe from Sept 2025 to ...

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign ...

Huntress researchers uncover campaign exploiting vulnerabilities to steal data using Elastic Cloud as a data hub ...

Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor.

The Microsoft Defender team has discovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessment materials, ...

IntroductionIn January 2026, Zscaler ThreatLabz observed activity by a suspected Iran-nexus threat actor targeting government officials in Iraq. ThreatLabz discovered previously undocumented malware ...

Whether you want to run a simple desktop or host your own servers, check out these Debian spin-offs first.

Unlike previous Wi-Fi attacks, AirSnitch exploits core features in Layers 1 and 2 and the failure to bind and synchronize a ...

Nvidia released an open source Large Telco Model aimed at enterprises in the telecommunications industry looking for AI models that are trained specifically on their data and knowledgeable about their ...