Malwarebytes recently uncovered a new malicious campaign targeting the Windows Update service. Focused on French-speaking users, the campaign uses layered obfuscation techniques to deliver multiple ...

A convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access.

The popular JavaScript HTTP client Axios has been compromised in a supply chain attack, exposing projects to malware through malicious npm releases. Security researchers from StepSecurity identified ...

Security researchers at Malwarebytes have uncovered a new malware campaign targeting Windows users with a fraudulent clone of Microsoft's site.

This week, a "Raccoon"-linked actor hit help desks, Eurail exposed 308K users, Fortinet patched critical flaws, Pushpaganda ...

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how quickly a compromised package can propagate through the ecosystem.

In early April 2025, security researchers confirmed that North Korean state-sponsored hackers had successfully compromised the Axios HTTP library. It is one ...

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...

Morey J. Haber, Chief Security Advisor at BeyondTrust, is an identity and technical evangelist with over 25 years of IT industry experience. We often prepare for threats that are visible, and ...

A supply chain compromise involving the widely used JavaScript package Axios is now being tied to a North Korea-linked threat actor, turning what already looked like a serious open-source incident ...

Stay ahead of the logs with our Monday Recap. We break down active Adobe 0-days, North Korean crypto stings, and critical CVEs you need to patch today ...