ClickFix campaigns spread MacSync macOS infostealer via malicious Terminal commands since Nov 2025, targeting AI tool users and developers.

Hackers reached out to a developer at the firm they wanted to attack and pretended to want to collaborate with him on an open ...

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

One in 4 Android phones potentially affected by a staggering security vulnerability that allowed hackers to access locked and protected handsets in less than 60 seconds.

Plus: A porn-quitting app exposed the masturbation habits of hundreds of thousands of users, Russian hackers are trying to take over people’s Signal accounts, and more.

Having trouble coming up with good passwords? Don't rely on AI. Here's why.

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...

Apple has released important updates for older iPhones and iPads that do not run the newer versions of iOS and iPadOS. These updates include security patches to counter a dangerous exploit kit, that ...

The financially motivated group has been active since May 2025, impersonating Fortinet, Ivanti, Cisco, and other vendors to steal corporate credentials.

SocksEscort sold proxy services on the open web, but was actually routing traffic through compromised routers and internet-connected devices.