ESET Research has released its H1 2026 Threat Report with statistics from December 2025 through May 2026. ClickFix – a social engineering technique leveraging fake error messages – has expanded into ...
The first AI agent ran a ransomware attack end to end, signaling a shift to machine-speed cyberattacks and autonomous defense ...
The ransomware’s use of trusted administrative tools and recovery-disruption tactics shows why containment, not just endpoint ...
An AI agent carried out the technical execution of a real-world ransomware attack for the first known time, but new details ...
Nothing broke, so I never looked.
When you upload your personal files to cloud storage services like Google Drive or OneDrive, you will find that the safety ...
A leaked chat and bitcoin trail show a US government entity paid Kairos $1m to suppress stolen files, no encryption involved, with clues pointing to Ohio.
Researchers identified what they believe is the first documented case of a ransomware operation, JadePuffer, conducted ...
Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
Malicious npm packages mimicking Rollup polyfill tooling steal browser data, crypto wallets, and AI tool credentials in a Lazarus-linked campaign.
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
Kaspersky says the attacks use phishing, GitHub-hosted payloads, CVE-2025-9491 LNK abuse, and Go2Tunnel-based tunneling.