Edge 142 ties on-device ML to Defender SmartScreen for faster scareware blocking

Microsoft is expanding security in Edge by connecting its local, on-device scareware detector to the cloud-based Defender SmartScreen service. The integration, introduced in Edge 142, is designed to reduce “time to protection” — the gap between the appearance of a new fraudulent page and when it is broadly blocked for users. Scareware and tech support … Read more

DOJ: Former Incident Responders Accused of Aiding BlackCat Ransomware

U.S. federal prosecutors have charged three individuals — including two former cybersecurity professionals — with allegedly compromising the networks of five American companies and participating in a multimillion‑dollar BlackCat (ALPHV) ransomware scheme. According to court filings, the defendants demanded cryptocurrency ransoms ranging from $300,000 to $10 million, with at least one confirmed payment of $1.27 … Read more

Time‑Bombed NuGet Packages Target .NET Databases and Siemens PLCs, Socket Warns

Researchers at Socket report the discovery of nine malicious NuGet packages engineered with delayed activation designed to evade detection for years. The payloads are tailored to .NET data access (SQL Server, PostgreSQL, SQLite) and to industrial communication with Siemens PLCs via the Sharp7 stack, with sabotage logic set to trigger between August 2027 and November … Read more

GlassWorm Plants Malicious VS Code Extensions in OpenVSX, Leveraging Unicode Tricks and Blockchain C2

Threat actors tracked as GlassWorm have again compromised the Visual Studio Code ecosystem by publishing three new malicious extensions to OpenVSX, accumulating more than 10,000 downloads before removal. The incident follows tightened controls after a previous wave, underscoring persistent gaps in marketplace vetting and developer defenses. Who is GlassWorm and why this campaign matters Observed … Read more

Windows 11 KB5067036 Leaves Task Manager Running in Background, Causing CPU and RAM Drain

Microsoft’s optional update KB5067036, released on October 28, 2025 for Windows 11 versions 24H2 and 25H2, introduces a regression that prevents Task Manager from terminating cleanly. Closing the Task Manager window does not end the underlying taskmgr.exe process, leading to multiple orphaned instances that accumulate over time and degrade system performance. Who is affected and … Read more

AI-Powered Metamorphic Malware Emerges: Google GTIG Flags PromptFlux and Rising LLM Abuse

Google’s Threat Intelligence Group (GTIG) is tracking a notable shift in adversary tradecraft: threat actors are embedding large language models (LLMs) directly into malware runtime, enabling self-modifying code that adapts mid-execution. This approach aims to frustrate signature-based detection and static analysis while accelerating iteration speed and lowering development costs for attackers. AI-powered, self-modifying malware: what … Read more

LandFall: New Spyware Uses WhatsApp DNG Zero‑Click to Exploit Samsung Galaxy Zero‑Day (CVE‑2025‑21042)

Palo Alto Networks has identified a previously unknown surveillance platform, LandFall, that abused a zero‑day flaw in select Samsung Galaxy smartphones by weaponizing DNG image files sent over WhatsApp. The campaign has been active since at least July 2024; Samsung issued a fix only in April 2025, leaving roughly nine months of in‑the‑wild exploitation. Technical … Read more

Post SMTP CVE-2025-11833 is under active attack: update WordPress sites to 3.6.1+

Attackers are actively targeting WordPress sites via a critical vulnerability, CVE-2025-11833, in the widely used Post SMTP plugin (over 400,000 installs). The flaw enables unauthenticated access to email logs, allowing adversaries to harvest password-reset links and seize administrator accounts, resulting in full site compromise. WordPress exploitation timeline and exposure The issue was reported by researcher … Read more

Proofpoint: RMM-enabled phishing campaigns hijack logistics systems to reroute cargo

Threat researchers at Proofpoint are tracking a wave of targeted phishing operations against transportation and logistics providers that convert cyber intrusions into physical cargo theft. Industry estimates regularly cite annual losses above $30 billion, and the scale of these attacks is beginning to affect supply chain resilience. Attack vector: load board account takeover and social … Read more

Malicious VS Code Extension “susvsex” Combines Data Exfiltration and AES‑256‑CBC Encryption, Exposing Supply Chain Risk

Researchers at Secure Annex have identified a malicious Visual Studio Code Marketplace extension posing as a benign developer tool yet exhibiting core ransomware-like behavior. The package, named susvsex and published by suspublisher18, blends data exfiltration with on‑disk file encryption, underscoring how IDE extensions can be weaponized for developer supply chain attacks. Secure Annex findings: overt … Read more