What 5 Million Apps Revealed About Secrets in JavaScript

Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery - until now. Intruder's research team built a new secrets detection method and scanned 5 ...

Fake CAPTCHA Scam Tricks Windows Users Into Installing Malware

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more.

North Korean Graphalgo Campaign Uses Fake Job Tests to Spread Malware Scam

A North Korean attack group is running a scam operation called the Graphalgo, wherein they use fake job schemes to deliver malware.

Infostealer malware found stealing OpenClaw secrets for first time

With the massive adoption of the OpenClaw agentic AI assistant, information-stealing malware has been spotted stealing files ...
Ars Technica

Poland’s energy grid was targeted by never-before-seen wiper malware

Researchers on Friday said that Poland’s electric grid was targeted by wiper malware, likely unleashed by Russia state hackers in an attempt to disrupt electricity delivery operations. A cyberattack, ...
SiliconANGLE

‘PyStoreRAT’ malware uses fake developer tools on GitHub to infect Windows systems

A new report out today from endpoint security firm Morphisec Inc. details a previously undocumented malware family dubbed “PyStoreRAT” that abuses trusted open-source platforms and Windows scripting ...
AppleInsider

Latest macOS malware uses trusted search & AI to dupe users

A new Atomic macOS Stealer (AMOS) attack vector weaponizes Google searches and a user's trust in AI chatbots, researchers have found. Once infected, the AMOS can collect data, passwords, and more from ...
Infosecurity-magazine.com

Malware Discovered in 19 Visual Studio Code Extensions

A campaign involving 19 Visual Studio (VS) Code extensions that embed malware inside their dependency folders has been uncovered by cybersecurity researchers. Active since February 2025 but identified ...
CSOonline

Polymorphic AI malware exists — but it’s not what you think

We are either at the dawn of AI-driven malware that rewrites itself on the fly, or we are seeing vendors and threat actors exaggerate its capabilities. Recent Google and MIT Sloan reports reignited ...
Dark Reading

How Malware Authors Are Incorporating LLMs to Evade Detection

Threat actors are testing malware that incorporates large language models (LLMs) to create malware that can evade detection by security tools. In an analysis published earlier this month, Google's ...
Android Authority

New banking malware can stealth-hack your Android phone: Here's how to stay safe (Updated)

A malware, called “Sturnus,” has emerged, and it exploits Android’s accessibility features to spread on your phone even without you noticing. It gains access to your Android after being installed via ...
Digital Trends

Google flags an AI-powered malware which rewrites itself in real time

What Happened: So, Google’s top security – Google’s Threat Intelligence Group, or GTIG – just found something that is frankly pretty terrifying. It’s a new type of malware they’re calling PROMPTFLUX.