Cybercriminals are abusing Pride Month and diversity messaging—months before June—to trick employees into credential theft using trusted email platforms. Discover how this global scam operates and what you can do to stay safe.
A fake LINE installer, armed with a tampered certificate and advanced evasion techniques, is spreading ValleyRAT malware to harvest credentials and disrupt security tools among Chinese-speaking users.
A trusted developer account was hijacked to inject GlassWorm malware into popular VSX extensions, exposing over 22,000 users to credential theft and highlighting severe supply chain vulnerabilities in developer ecosystems.
HoneyMyte, also known as Mustang Panda, has unleashed a wave of advanced cyber-espionage tools in 2025. Their upgraded CoolClient malware now features clipboard monitoring, proxy credential theft, and modular plugins, targeting governments and enterprises across Asia and Europe.
A trusted developer's account on Open VSX Registry was hijacked to distribute GlassWorm malware through widely-used extensions, exposing thousands of developers to credential and crypto theft in a sophisticated supply chain attack.
#GlassWorm malware | #supply chain attack | #credential theft
A sophisticated malware campaign hid in plain sight on the Open VSX registry, using a fake Angular Language Service extension to siphon developer secrets and crypto wallets via blockchain-based command and control.
#VS Code extension | #Credential theft | #Supply chain attack
TAMECAT, a PowerShell-based backdoor linked to Iranian APT42, targets high-profile officials by stealing Edge and Chrome browser credentials. This feature unpacks its infection chain, stealth tactics, and the urgent need for browser security.
A massive 2025 breach reveals unchanged password habits: '123456' and 'password' top the list, leaving individuals and businesses exposed despite years of security warnings.
A global cyberattack leveraged Google Ads and deceptive PDF editor downloads to spread the TamperedChef infostealer, exposing organizations in 19 countries to credential theft and advanced digital deception.
A stealthy malware campaign targeting a major U.S. bank's employee ecommerce platform compromised over 200,000 workers' credentials, exposing a critical blind spot in corporate cyber defense.