Bitdefender

ClickFix: When the victims help the hackers

ClickFix scams trick users into infecting their own devices by following fake security and browser troubleshooting ...
Microsoft

When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps

Exposed UIs, weak authentication, and risky defaults could turn cloud-native AI apps on Kubernetes into potential targets by ...
Infosecurity Magazine

Malicious Hugging Face Repository Typosquats OpenAI

Security researchers have uncovered covert infostealer malware hidden in one of the top-ranking repositories on Hugging Face, ...

ADEX Publishes Analysis of XCSSET Malware: Research Details How Active Infection Spreads Silently Through Xcode Projects, GitHub Repositories, and Developer Credentials

The ADEX security team has released a detailed technical case study documenting a live XCSSET infection detected, captured, and analyzed within a client environment – an iOS app development studio ...
CSO Online

Internet Explorer may be dead, but its ghost still runs malware

A legacy Windows scripting utility tied to Internet Explorer is still being used in modern malware campaigns, researchers say ...
WeLiveSecurity

Webworm: New burrowing techniques

EchoCreep, which uses Discord for C&C communication, and GraphWorm, which uses Microsoft Graph API for the same purpose. The ...
Security Boulevard

How to Reissue Sectigo and DigiCert Code Signing Cert with Install on Existing HSM Orders?

The industry is moving toward shorter certificate lifetimes, and many Certificate Authorities now issue code signing certificates with a maximum validity of 459 days instead of multi-year end-entity ...
Microsoft

From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence

A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence ...
InfoQOpinion

Leading Open Source Author Calls for Verification over Trust in Software Supply Chains

In a blog post published in March 2026, Daniel Stenberg, creator and lead developer of curl, makes the case that the software ...
CSO Online

Why some security fixes never reach your vulnerability dashboard

CVE was built to track code flaws with fixes. It’s now being stretched to cover malware and supply chain incidents that don’t ...