Malwarebytes recently uncovered a new malicious campaign targeting the Windows Update service. Focused on French-speaking users, the campaign uses layered obfuscation techniques to deliver multiple ...

Malwarebytes warns that a fake Microsoft support site is distributing password-stealing malware through a spoofed Windows update installer ...

A convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access.

Hackers have been quietly exploiting what appears to be a zero-day in Adobe Acrobat Reader for months, using booby-trapped PDFs to profile targets and decide who's worth fully compromising.

Adobe has released a fix for an Acrobat and Reader zero-day that attackers had been exploiting for months. The patch, shipped on April 11, addresses CVE-2026-34621, a critical vulnerability in Acrobat ...

Security researchers at Malwarebytes have uncovered a new malware campaign targeting Windows users with a fraudulent clone of Microsoft's site.

Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, impacting multiple OS.

Within days of each other, Anthropic first leaked the source code to Claude Code, and then a critical vulnerability was found ...

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...

Fake CAPTCHA pages can install the StealC infostealer. Don't paste or run commands; disconnect and change passwords.

The popular JavaScript HTTP client Axios has been compromised in a supply chain attack, exposing projects to malware through malicious npm releases. Security researchers from StepSecurity identified ...

A supply chain compromise involving the widely used JavaScript package Axios is now being tied to a North Korea-linked threat actor, turning what already looked like a serious open-source incident ...