New ClickFix variant maps WebDAV drive to run trojanized WorkFlowy app, enabling stealth C2 beacon and payload delivery.

A fake $TEMU crypto airdrop uses the ClickFix trick to make victims run malware themselves and quietly installs a remote-access backdoor.

Keep your host free from lingering services and mismatched versions. Run your dev stack in isolation and rebuild it when needed.

IntroductionOn March 1, 2026, ThreatLabz observed new activity from a China-nexus threat actor targeting countries in the Persian Gulf region. The activity took place within the first 24 hours of the ...

8 powerful apt commands every Linux user should know - or else you're missing out ...

BlackSanta is a malware module that kills EDR and AV at the kernel level prior to unleashing the malware’s final purpose.

Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This ...

We are totally destroying the terrorist regime of Iran, militarily, economically, and otherwise, yet, if you read the Failing New York Times, you would incorrectly think that we are not winning.

Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor.

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...

Fake OpenClaw installers on GitHub deployed credential stealers and a proxy tool linked to the Black Basta ransomware group, while Bing's AI served the malicious ...

The Efimer malware campaign is hijacking Google SEO to drain the crypto wallets of Oscar fans hunting for free movies, Cybernews researchers found.