Ransomware criminals exploited CVE-2026-20131, a maximum-severity bug in Cisco Secure Firewall Management Center software, as a zero-day vulnerability more than a month before Cisco patched the hole, ...

VOID#GEIST malware campaign delivers XWorm, AsyncRAT, and Xeno RAT using batch scripts, Python loaders, and explorer.exe ...

Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor.

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

ESET researchers document how the Sednit APT group has reemerged with a modern toolkit centered on two paired implants – BeardShell and Covenant.

Microsoft has identified a phishing campaign using malformed links to legitimate OAuth services to redirect to malware downloads.

A new malware strain dubbed Slopoly, likely created using generative AI tools, allowed a threat actor to remain on a compromised server for more than a week and steal data in an Interlock ransomware ...

Those aren't toys. Malware used in a sophisticated spear-phishing and infostealing campaign by Russian bad actors includes a component dubbed BlackSanta that can shut down antivirus and EDR ...

Recent social engineering schemes involving WordPress and Microsoft’s Windows Terminal show that this relatively basic tactic is a growing threat.

Throughout early 2026, SentinelOne’s Digital Forensics & Incident Response (DFIR) team has responded to several incidents where FortiGate Next-Generation Firewall (NGFW) appliances have been ...

Coverage claims without context are one of the most persistent sources of confusion in security tooling. This post breaks down four myths behind ATT&CK coverage claims and offers a more useful ...

As enterprises increasing depend on cloud services, living off the land has evolved into living off the cloud.