Storm-2561 is relying on SEO poisoning to distribute fake VPN clients that install trojans and steal users’ credentials.

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.

A fake $TEMU crypto airdrop uses the ClickFix trick to make victims run malware themselves and quietly installs a remote-access backdoor.

An undefined Chinese-speaking actor wields a combo of custom malware, open source tools, and LOTL binaries against Windows ...

Why Passwords Are Still a Developer's Problem in 2026. The case against password-based authentication is well-established in the IAM community, but the practical implications for ...

Ring Team Announces Significant New Contributions by Developer Youssef Saeed Youssef’s contributions, creativity, and ...

It has been a rough start to the year for password security. A massive database containing 149 million stolen logins and passwords was found publicly exposed online. The data included credentials tied ...

‘123456’ continues to reign supreme as the most commonly-used password among people across the world, according to two reports, from NordPass and Comparitech, respectively. A full 25 percent of the ...

Security firm Mandiant has released a database that allows any administrative password protected by Microsoft’s NTLM.v1 hash algorithm to be hacked in an attempt to nudge users who continue using the ...

Can you remember all your passwords off the top of your head? If so, you probably have too few of them – or, heaven forbid, only one that you use everywhere. But that problem could become a thing of ...