WhatsApp Web malware spreads banking trojan automatically

New WhatsApp Web attack spreads self-propagating ZIP files containing Astaroth banking malware through trusted conversations.
The Hacker News

PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces

CERT-UA reports PLUGGYAPE malware attacks targeting Ukrainian defense forces via Signal and WhatsApp, using phishing links ...
Microsoft

Inside RedVDS: How a single virtual desktop provider fueled worldwide cybercriminal operations

Microsoft’s investigation into RedVDS services and infrastructure uncovered a global network of disparate cybercriminals ...
InfoWorld

From typos to takeovers: Inside the industrialization of npm supply chain attacks

A dramatic spike in npm-focused intrusions shows how attackers have shifted from opportunistic typosquatting to systematic, credential-driven supply chain compromises — exploiting CI systems, ...
Opinion
CSO OnlineOpinion

The 2 faces of AI: How emerging models empower and endanger cybersecurity

AI helps security teams move faster — but it’s also helping attackers do the same, turning cybersecurity into a race of machines versus machines.
The Hacker News

GoBruteforcer Botnet Targets Crypto Project Databases by Exploiting Weak Credentials

GoBruteforcer malware uses weak passwords and exposed services to build a botnet targeting crypto projects, Linux servers, ...
Infosecurity Magazine

VVS Stealer Uses Advanced Obfuscation to Target Discord Users

A new Python-based malware called VVS stealer has been identified, targeting Discord users with stealthy techniques to steal ...

Threat Spotlight: The number of phishing kits doubled in 2025, bringing stealth, innovation and the same old themes

In 2025, the number of known phishing-as-a-service (PhaaS) kits doubled in number, increasing the pressure on security ...

Word of the Week: What makes a military attack ‘kinetic’?

Kinetic” — from the Greek kinētikos, meaning putting in motion — has become a recurring word for government officials talking ...
Decrypt

DeadLock Ransomware Using Polygon Smart Contracts to Evade Detection

The ransomware family’s abuse of Polygon smart contracts echoes techniques recently seen in Ethereum-based attacks.

Stack Online Tools Launches 100+ Free Online Utilities Built with Privacy in Mind

An all-in-one browser-based platform for developers, marketers, and creators—no logins required, no limits, and ...

New laws say more about leadership than free speech

Rob Harris’s article illustrates how quickly we now reach for legislation to manage speech (“ Social media posts could fall ...