Security researchers have uncovered a new campaign leveraging a variant of the Atomic macOS Stealer (AMOS), deploying a sophisticated blend of phishing and technical exploitation to target both consumer and corporate macOS users.
The campaign, first detected in early June 2025, uses typosquatted domains mimicking U.S....
The Android malware ecosystem has seen a surge of innovation in 2024, with threat actors actively circumventing security measures introduced in recent Android versions.
One of the most concerning developments is the ability of advanced malware loaders to bypass the heightened accessibility restrictions implemented...
In a wake-up call for the renewable energy sector, recent cybersecurity research has revealed that nearly 35,000 solar power management devices including inverters, data loggers, and gateways from 42 different vendors are openly accessible via the internet.
This exposure leaves critical infrastructure susceptible to cyberattacks...
In a technically sophisticated supply chain attack, threat actors have released malicious Ruby gems designed specifically to steal Telegram bot tokens hitting developers scrambling for Telegram workarounds after Vietnam’s nationwide ban on the messaging platform.
This campaign, uncovered by Socket’s Threat Research Team, highlights...
In a sophisticated new supply chain attack, threat actors have leveraged both Python’s PyPI and JavaScript’s NPM ecosystems to target developers and administrators on Windows and Linux platforms.
Discovered by researcher Ariel Harush, this campaign deploys typo-squatting and cross ecosystem name confusion techniques that...
A significant vulnerability in SolarWinds Dameware Mini Remote Control (MRC), a popular remote desktop management tool used by enterprises worldwide, was uncovered by security researchers.
The flaw, assigned CVE-2025-26396, allows attackers with local access and a low-privileged account to escalate their privileges to higher levels...