A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more.

Active attacks exploit Metro4Shell (CVE-2025-11953) in React Native CLI to execute commands and deploy Rust malware.

A comprehensive SAML development guide for engineering leaders. Learn about assertions, metadata, and securing single sign-on for enterprise CIAM.

Hundreds of popular add‑ons used encrypted, URL‑sized payloads to send search queries, referrers, and timestamps to outside servers, in some cases tied to data brokers and unknown operators.

Two malware campaigns weaponize open-source software to target executives and cloud systems, combining social engineering with fileless and kernel-level attack techniques.

A multi-stage malware loader known as OysterLoader has continued to evolve into early 2026, refining its command-and-control (C2) infrastructure and obfuscation methods.

Hackers are targeting developers by exploiting the critical vulnerability CVE-2025-11953 in the Metro server for React Native ...

More than 230 malicious packages for the personal AI assistant OpenClaw (formerly known as Moltbot and ClawdBot) have been published in less than a week on the tool's official registry and on GitHub.

A large-scale macOS malware campaign is spreading through sponsored Google search results and trusted online platforms. More ...

Learn how to debug and fix invalid security token errors in Enterprise SSO, SAML, and CIAM systems. Practical tips for CTOs and VPs of Engineering.

Some attachments in Epstein emails can be recovered unredacted, because base64-encoded email attachment data was included in the DOJ releases.

Researchers have uncovered a malware campaign targeting 7-Zip users through fake domain 7zip.com, turning infected computers ...