CallPhantom Scam Apps Reached 7.3M Google Play Installs
ESET says 28 CallPhantom apps in Google Play sold fake call, SMS,…
QLNX RAT Targets Linux Developer and Cloud Credentials
Trend Micro reports QLNX, a Linux-focused Quasar RAT variant that combines persistence,…
TCLBANKER Banking Trojan Spreads Through WhatsApp and Outlook
Elastic reports that TCLBANKER hides inside a fake peripheral-device installer, uses DLL…
PyPI ZiChatBot Packages Linked to Suspected OceanLotus Campaign
Kaspersky reports a suspected OceanLotus campaign that used malicious PyPI packages to…
ClickFix WordPress Attacks Push Vidar Stealer Malware
Australia warns that ClickFix attacks are abusing compromised WordPress sites and fake…
Fake Claude AI Site Pushes Beagle Windows Backdoor
A fake Claude AI download site is using a working-looking installer to…
GoDaddy ManageWP Phishing Ads Target WordPress Admins
A paid-search phishing campaign is targeting GoDaddy ManageWP logins, turning one stolen…
Microsoft AiTM Phishing Targeted 35,000 Users
Microsoft says a code-of-conduct phishing campaign targeted 35,000 users with PDF lures,…
CloudZ Malware Abuses Microsoft Phone Link to Steal OTPs
Cisco Talos says CloudZ RAT and its Pheno plugin target Microsoft Phone…
MuddyWater Uses Microsoft Teams Phishing in Chaos Ransomware Masquerade
Rapid7 says MuddyWater used Microsoft Teams social engineering, remote tools, stolen credentials,…
Palo Alto PAN-OS Flaw CVE-2026-0300 Exploited for Root RCE
Palo Alto Networks says CVE-2026-0300 is being exploited on exposed PAN-OS User-ID…
DAEMON Tools Supply Chain Attack: Official Installers Backdoored
DAEMON Tools installers were trojanized in a supply-chain attack. Check affected versions,…