The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted by Laundry Bear, a group tracked by Microsoft as Void Blizzard.

DRILLAPP JavaScript backdoor targets Ukraine in Feb 2026, abusing Edge debugging features to spy via camera, microphone, and screen capture.

Escaped the productivity rabbit hole ...

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

Jennifer Jarvis helps take care of Central City’s park and veterans monument, but depends on her 20 medications – which she can no longer get filled at the local pharmacy in town, ...

There is no shortage of Windows customization tools, but this one stands out by giving you maximum control with the right methods.

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...

New ClickFix variant maps WebDAV drive to run trojanized WorkFlowy app, enabling stealth C2 beacon and payload delivery.

Alibaba Group Holding Ltd. launched a dedicated mobile app claiming to help users install and deploy OpenClaw within minutes, ...

The State Law Enforcement Division (SLED) is warning that a number of news websites across the State using the “HereCity” platform have been hacked and contain a malicious JavaScript. HereCity is a ...

A malicious npm package disguised as a legitimate AI tool to install the virally popular OpenClaw, but designed to steal system passwords and crypto wallets, ...

It was a solid addition to my LLM-powered app stack ...