CL-UNK-1068, a Chinese-linked espionage group, has quietly infiltrated critical infrastructure across Asia since 2020, using advanced malware, credential theft, and stealthy data exfiltration to evade detection and harvest sensitive information.
Malicious actors are exploiting Chrome extension ownership transfers to inject code, steal data, and hijack browsers, turning trusted tools into dangerous threats. Learn how these attacks work and why users must remain vigilant.
A global wave of malicious AI-themed browser extensions infiltrated over 20,000 organizations, stealing private chat data and posing a major compliance risk, according to Microsoft’s latest alert.
Attackers are cloning install guides for popular developer tools like Claude Code, using malvertising to push Amatera Stealer malware and harvest sensitive data. Discover how the InstallFix technique works and why vigilance is critical.
Ransomware groups are abusing Microsoft’s AzCopy utility to exfiltrate sensitive data, turning a trusted cloud migration tool into a covert data theft channel that often evades detection.
A critical Chrome flaw let malicious extensions hijack the new Gemini AI panel, exposing users to high-risk privilege escalation and data theft before Google issued a patch. Here’s what went wrong—and why AI in browsers is a double-edged sword.
A new remote access trojan called Steaelite is arming cybercriminals with a unified platform for data theft and ransomware, accelerating double extortion attacks against businesses. Learn how this tool works and why traditional defenses may no longer be enough.
Everest ransomware has struck again, adding its 111th victim to a notorious roster. This feature unpacks the group's tactics, the role of public leak trackers, and the urgent need for cyber-resilience.
Anthropic’s warnings about AI data theft by Chinese firms have backfired, with Elon Musk highlighting the company’s own history of copyright lawsuits and settlements. The episode exposes the complex—and often hypocritical—nature of data use in the AI industry.
GrayCharlie, a financially motivated cybercrime group, is abusing compromised WordPress sites—including those of US law firms—to distribute NetSupport RAT and Stealc malware using fake browser updates and deceptive CAPTCHAs. Experts warn of supply-chain risks and urge immediate defensive action.