malware

The “IClickFix” Trap: 3,800+ WordPress Sites Poisoned by Fake CAPTCHAs IClickFix Framework WordPress Watering Hole

IClickFix Framework WordPress Watering Hole

The “IClickFix” Trap: 3,800+ WordPress Sites Poisoned by Fake CAPTCHAs

Do Son February 3, 2026

A massive wave of “watering hole” attacks has turned thousands of legitimate WordPress websites into traps for...

Notepad++ Hijacked: State-Sponsored Actors Poisoned Updates for Months FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

Notepad++ Hijacked: State-Sponsored Actors Poisoned Updates for Months

Do Son February 2, 2026

The developer behind Notepad++, the ubiquitous open-source text editor found on millions of developer desktops, has confirmed...

“Update” to Nightmare: eScan Antivirus Hacked to Distribute Malware TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

“Update” to Nightmare: eScan Antivirus Hacked to Distribute Malware

Do Son January 30, 2026

Security researchers at Morphisec have uncovered a massive compromise affecting eScan, an enterprise antivirus solution developed by...

“Repo Squatting”: How Hackers Are Using GitHub’s Own Features to Hijack Official Repos GitHub Copilot Pro trial suspension GitHub Actions Platform Fee, Self-Hosted Runner Tax 2026 GitHub Apple ID, Privacy Login GitHub Microsoft Github disruptions CVE-2025-30066 GitHub Outage, Service Disruption

GitHub Copilot Pro trial suspension GitHub Actions Platform Fee, Self-Hosted Runner Tax 2026 GitHub Apple ID, Privacy Login GitHub Microsoft Github disruptions CVE-2025-30066 GitHub Outage, Service Disruption

“Repo Squatting”: How Hackers Are Using GitHub’s Own Features to Hijack Official Repos

Do Son January 27, 2026

In a clever twist on software supply chain attacks, threat actors are weaponizing a quirk in GitHub’s...

The CAPTCHA Trap: ClearFake Malware Tricks Users Into Hacking Themselves axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

The CAPTCHA Trap: ClearFake Malware Tricks Users Into Hacking Themselves

Do Son January 27, 2026

A sophisticated malware campaign is turning a standard security verification step into a trap. Security researchers at...

Trusted Tool, Hidden Threat: Official EmEditor Installer Hijacked to Push Malware EmEditor Supply Chain Attack Trojanized Installer

EmEditor Supply Chain Attack Trojanized Installer

Trusted Tool, Hidden Threat: Official EmEditor Installer Hijacked to Push Malware

Do Son January 27, 2026

A compromised installer for EmEditor, a text editor trusted by developers worldwide, has been used to distribute...

The Developer’s Backdoor: North Korea Weaponizes Visual Studio Code Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

The Developer’s Backdoor: North Korea Weaponizes Visual Studio Code

Do Son January 26, 2026

Cyber spies aligned with North Korea are now weaponizing a tool beloved by developers worldwide—Visual Studio Code—to...

Critical CISA Adds 4 Critical Flaws to “Must-Patch” List as Exploits Surge CISA KEV Update Versa Concerto Vulnerability KEV Catalog Vulnerability Patch CVE-2025-30406

CISA KEV Update Versa Concerto Vulnerability KEV Catalog Vulnerability Patch CVE-2025-30406

Critical CISA Adds 4 Critical Flaws to “Must-Patch” List as Exploits Surge

Do Son January 23, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog with four...

Critical Public PoC Exploit Released for Critical Android Flaw Grants Apps Permissions Without You Knowing Android CVE-2024-23700 Zero-Interaction Exploit Candiru spyware Android vulnerability, security update

Android CVE-2024-23700 Zero-Interaction Exploit Candiru spyware Android vulnerability, security update

Critical Public PoC Exploit Released for Critical Android Flaw Grants Apps Permissions Without You Knowing

Do Son January 23, 2026

A critical privilege escalation vulnerability in the Android ecosystem is raising alarms after security researcher Canyie publicly...

“SymPy” Imposter: Typosquatting Attack Turns Math Library into Crypto Miner sympy-dev Malware PyPI Supply Chain Attack

sympy-dev Malware PyPI Supply Chain Attack

“SymPy” Imposter: Typosquatting Attack Turns Math Library into Crypto Miner

Do Son January 23, 2026

A deceptive new supply chain attack has been uncovered in the Python ecosystem, where a malicious package...

Trust Hijacked: Hackers Seize Expired Domains to Poison Linux Snap Apps Snap Store Malware Domain Hijacking

Snap Store Malware Domain Hijacking

Trust Hijacked: Hackers Seize Expired Domains to Poison Linux Snap Apps

Do Son January 22, 2026

A disturbing new tactic has emerged in the Linux software ecosystem, turning trusted developer accounts into vehicles...

Bandwidth Bandits: Fake Notepad++ Installers Hide “Proxyjacking” Malware Proxyjacking Larva-25012

Proxyjacking Larva-25012

Bandwidth Bandits: Fake Notepad++ Installers Hide “Proxyjacking” Malware

Do Son January 22, 2026

A new wave of cyberattacks is targeting users looking for free software, turning their computers into unwilling...

“Contagious” Code: North Korean Hackers Infiltrate Developer Workflows via Visual Studio Code BlueNoroff macOS Attack GhostCall Campaign Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

BlueNoroff macOS Attack GhostCall Campaign Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

“Contagious” Code: North Korean Hackers Infiltrate Developer Workflows via Visual Studio Code

Do Son January 21, 2026

The “Contagious Interview” campaign, a sophisticated cyber-espionage operation attributed to North Korean (DPRK) threat actors, has evolved...

“Evelyn Stealer” Weaponizes Visual Studio Code Extensions KTLVdoor backdoor - CoffeeLoader Malware

KTLVdoor backdoor - CoffeeLoader Malware

“Evelyn Stealer” Weaponizes Visual Studio Code Extensions

Do Son January 21, 2026

The tools that software developers trust most are being turned against them in a sophisticated new malware...

Fake Productivity Tools: 5 Malicious Chrome Extensions Hijack Enterprise Sessions Amazon Ads Blocker Affiliate Link Hijacking Malicious browser extensions

Amazon Ads Blocker Affiliate Link Hijacking Malicious browser extensions

Fake Productivity Tools: 5 Malicious Chrome Extensions Hijack Enterprise Sessions

Do Son January 19, 2026

A new and sophisticated campaign targeting enterprise environments has been uncovered by Socket’s Threat Research Team. Five...

macOS Developers in the Crosshairs: GlassWorm’s Wave 4 Exploits VS Code to Trojanize Hardware Wallets GlassWorm Wave 4, macOS Supply Chain Attack

GlassWorm Wave 4, macOS Supply Chain Attack

macOS Developers in the Crosshairs: GlassWorm’s Wave 4 Exploits VS Code to Trojanize Hardware Wallets

Do Son January 6, 2026

The resilient “GlassWorm” threat actor, known for embedding malicious code into Visual Studio Code extensions, has returned...

The Sleeper in Your Browser: How DarkSpectre Turned 8.8 Million Extensions into State-Aligned Spies DarkSpectre, Browser Extension Espionage

DarkSpectre, Browser Extension Espionage

The Sleeper in Your Browser: How DarkSpectre Turned 8.8 Million Extensions into State-Aligned Spies

Do Son January 5, 2026

In a revelation that exposes a gaping hole in the browser extension ecosystem, Koi Security has unmasked...

New “Eternl Desktop” Phishing Lure Drops LogMeIn to Hijack Cardano Wallets live

live

New “Eternl Desktop” Phishing Lure Drops LogMeIn to Hijack Cardano Wallets

Do Son January 2, 2026

The Cardano community is currently in the crosshairs of a highly sophisticated “wolf in sheep’s clothing” campaign....

EmEditor Compromised: “WALSHAM” Imposter Poisons Official Installer with Spyware Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

EmEditor Compromised: “WALSHAM” Imposter Poisons Official Installer with Spyware

Do Son December 29, 2025

In a major supply chain security incident, the popular text editor EmEditor has confirmed that its official...

“Prefix Swap” Panic: Sophisticated “Jackson” Imposter Infiltrates Maven Central Maven Prefix Swap, jackson-databind Malware Effective Malware Cleaner

Maven Prefix Swap, jackson-databind Malware Effective Malware Cleaner

“Prefix Swap” Panic: Sophisticated “Jackson” Imposter Infiltrates Maven Central

Do Son December 29, 2025

The Java ecosystem, long considered a fortress compared to the wild west of npm, has been breached...

🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

CVE-2026-20230CVSS 8.6
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified...
CVE-2026-4020CVSS 7.5
The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and...
CVE-2026-10735
Multiple plugins by ShapedPlugin contain a backdoor in various versions. This makes it possible for unauthenticated attackers to...
CVE-2026-20262CVSS 6.5
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated,...
CVE-2026-54420CVSS 8.5
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a...
CVE-2026-53435CVSS 8.8
In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize...
CVE-2026-10795CVSS 8.1
The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions...
CVE-2026-11645
Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker...
CVE-2026-50751CVSS 9.3
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows...
CVE-2026-20245CVSS 7.8
A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local...