Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting ...

A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code ...

Threat actors using a previously undocumented phishing-as-a-service (PhaaS) platform called "VENOM" are targeting credentials ...

Card skimmers were found in 1x1 pixel SVG images, apparently deployed through PolyShell.

Meta pauses Mercor partnership after a major data breach raises concerns over exposure of sensitive AI training data.

Reclassified as a remote code execution flaw, the F5 BIG-IP APM vulnerability has been upgraded to CVSS 9.8, requiring immediate patching and compromise assessment.

TA416 targeted European governments from mid-2025 using PlugX and OAuth abuse, enabling cyber espionage against EU and NATO ...

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Russian CTRL toolkit spread via malicious LNK files in February 2026, routing C2 through FRP-tunneled RDP to evade detection.

The TeamPCP hacking group has hacked the Telnyx PyPI package as part of a supply chain campaign targeting the broad OSS ecosystem.

Meta has indefinitely paused work with $10B AI data startup Mercor after a LiteLLM supply chain attack exposed training ...