Chrome Native Messaging Backdoor Steals Session Cookies
A fake invoice campaign installed a malicious Chrome extension and Native Messaging Host to steal session cookies and run PowerShell on Windows.
News desk
Security News
Security incidents, exploited vulnerabilities, breach reports, malware campaigns, and urgent patch notes arranged for fast daily scanning.
June 28, 2026
Latest reports
OXLOADER Malware: Fake Node.js Ads Drop CastleStealer
A fake Node.js sponsored result delivered OXLOADER and CastleStealer. Learn what to check after a suspicious installer and how to protect accounts.
Aviator Predictor Malware
Aviator Predictor-style apps can be used as fake crypto and crash-game tools. Learn how the malware risk works and what to check after running…
Phantom Stealer RFQ Phishing
Fortra warns that Phantom Stealer is being delivered through fake request-for-quote archives. Here is what the Windows attack chain does and what to check…
ScreenConnect Client Scam: Remove Unexpected Remote Access
Found ScreenConnect Client or ConnectWise Control after a call, email, or fake update? Stop remote access, remove the service, scan with Gridinsoft, and secure…
Social Security Statement Email Scam Uses ScreenConnect
A June 2026 fake Social Security Statement email used a t.co link, a fake PDF update page, and ScreenConnect.ClientSetup.exe. See the IOCs and what…
CryptoBandits.A USB Clipper
Microsoft reports CryptoBandits, a USB-spread crypto clipper. Check .lnk shortcuts, ugate.exe, localhost:9050, scheduled tasks, and wallet-address changes.
Tiflux RMM Malware: Unauthorized Remote Access Cleanup
Unexpected Tiflux RMM after a service-agreement email can mean unauthorized remote access. Learn what TiAgent, TiService, Splashtop, ScreenConnect, and UltraVNC mean and how to…
Potemkin Loader Turns ClickFix Into 11-Host Intrusion
A ClickFix command dropped Potemkin Loader, RMMProject and EtherRAT across 11+ hosts. Here is what to check after a fake verification command ran.