4+ hour, 51+ min ago  (394+ words) A variant of the Pure Logs infostealer malware has been distributed through purchase-order-themed phishing emails that use a malicious Java Script file to launch a multi-stage infection chain on Windows systems. According to new analysis from Forti Guard Labs, the…...

22+ hour, 51+ min ago  (413+ words) An Android remote access trojan (RAT) that lets buyers build their own custom payloads without writing a line of code has been observed spreading through phishing campaigns across Brazil and beyond. According to new analysis from ESET, the malware, known…...

2+ day, 3+ hour ago  (237+ words) A new phishing-as-a-service (Phaa S) platform called Kali365 is being distributed in the wild, primarily via Telegram, the FBI has warned. First detected in April 2026, Kali365 provides cyber threat actors access to AI-generated phishing lures, automated campaign templates real-time targeted individual and entity…...

5+ day, 21+ hour ago  (285+ words) A VPN service used by ransomware operators, fraudsters and data thieves to mask their activity has been taken offline in a coordinated operation led by France and the Netherlands. According to Europol, the law enforcement action ran from May 19 to…...

2+ week, 23+ hour ago  (444+ words) End-to-end encrypted (E2 EE) Rich Communication Services (RCS) messaging is being rolled'out in beta between i Phone and Android handsets, closing one of the longest-running interoperability gaps in mainstream mobile messaging. Apple announced the beta rollout on May 11, with Google confirming…...

2+ week, 1+ day ago  (416+ words) A new variant of the Trick Mo Android banking trojan has moved its primary command-and-control (C2) transport onto The Open Network (TON) Blockchain, routing communications through the decentralized overlay's. adnl identities to make traditional domain takedowns largely ineffective. The variant, identified…...

2+ week, 2+ day ago  (265+ words) The US Federal Communications Commission (FCC) has extended the deadline for owners of banned internet routers to provide security updates to US-based users by two years. In March 2026, the Commission banned the import and sale of all "consumer-grade" internet routers…...

2+ week, 6+ day ago  (421+ words) A Windows malware toolkit has been observed stealing SMS messages and one-time passwords (OTPs) from victim machines by hijacking Microsoft's Phone Link application, sidestepping the need to directly compromise a target's mobile device. The activity has been ongoing since at…...

3+ week, 15+ hour ago  (300+ words) A phishing campaign targeting more than 35, 000 users across 13, 000 organizations has been identified by the Microsoft Defender Research team. The large-scale credential theft campaign used fake internal compliance or regulatory communications as lures for the campaign. The campaign ran between April…...

3+ week, 22+ hour ago  (481+ words) A long-running phishing operation that abuses signed remote monitoring and management (RMM) software to plant silent, persistent backdoors on victim machines has compromised more than 80 organizations, predominantly in the US. Codenamed Venomous#Helper'and active since at least April 2025, the campaign…...