Dubbed InstallFix by Push Security, the scheme inserts instructions to download malware during the Claude Code install process on cloned websites.

Threat actors are operationalizing AI to scale and sustain malicious activity, accelerating tradecraft and increasing risk for defenders, as illustrated by recent activity from North Korean groups ...

VOID#GEIST malware campaign delivers XWorm, AsyncRAT, and Xeno RAT using batch scripts, Python loaders, and explorer.exe ...

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...

Last May, law enforcement authorities around the world scored a key win when they hobbled the infrastructure of Lumma, an infostealer that infected nearly 395,000 Windows computers over just a ...

A surge in LummaStealer infections has been observed, driven by social engineering campaigns leveraging the ClickFix technique to deliver the CastleLoader malware. LummaStealer, also known as LummaC2, ...

Samsung Phones Samsung Galaxy S26 just got a new tool to protect you from scam calls and texts — here's how it works iPhones iOS 26.4 beta 2 now lets iPhones send encrypted RCS messages to Android — ...

Two newly uncovered malware campaigns are exploiting open-source software across Windows and Linux environments to target enterprise executives and cloud systems, signaling a sharp escalation in both ...

Crypto malware primarily hijacks computing resources for mining, spreading via phishing or infected websites, and operates stealthily to avoid detection. Cryptojacking differs from ransomware by ...

Mustang Panda uses Venezuela-themed phishing emails for cyberespionage Acronis uncovers malware linked to Mustang Panda operations Malware targets US government, policy-related entities, researchers ...

Crypto malware primarily hijacks computing resources for mining, spreading via phishing or infected websites, and operates stealthily to avoid detection. Cryptojacking differs from ransomware by ...

An emerging phishing campaign is exploiting a dangerous combination of legitimate Cloudflare services and open source Python tools to deliver the commodity AsyncRAT. The attack demonstrates threat ...