Threat actors are exploiting the 2025 tax season with phishing campaigns delivering malware like BRc4, Latrodectus, Remcos, and more. Here's how attackers are using IRS lures, QR codes, and PhaaS platforms to breach U.S. organizations.
A phishing operation tied to Russian intelligence mimics Ukrainian paramilitary recruitment pages to unmask citizens opposing the war. Search engines helped rank the fakes — exposing users to surveillance, arrest, or worse.
Security researchers found a way to exfiltrate internal binaries and proto files from Google Gemini's Python sandbox—without breaking out of it.
A Russia-backed campaign is using deceptive documents to hack Ukraine-linked targets. Here's how the malware works and what defenders should watch for.
Nearly 900 spoofed domains impersonate defense and aerospace firms supporting Ukraine. Credential theft and malware delivery linked to large phishing ops.
Russia is abusing domain registrars to run global disinformation campaigns. Learn how spoofed infrastructure enables phishing, propaganda, and evasion.
Attackers are hiding malware in WordPress mu-plugins, bypassing detection and gaining persistent access. Learn how it works and how to secure your site.
SignalGate, Next.js auth vuln, Kubernetes major RCE bug, Chinese shell companies hiring laid off gov employees, and much more!
