TL;DR  Introduction  At the start of this year, I wrote a blog on how 2025 was the ‘year of the infostealer’, and it doesn’t ...

Attackers are increasingly abusing legitimate system utilities and widely used administrative tools to deliver malware, move through networks and avoid detection, forcing security teams to rethink ...

Steve Ballmer’s darkest fear has come to pass: Linux has worked itself into the deepest innards of Microsoft Windows itself. At the company’s annual Build developer conference this week, Microsoft ...

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...

CVE-2026-35616, a FortiClient EMS zero-day vulnerability patched in April, has been exploited in fresh infostealer attacks.

I switched to WSL 2 and finally stopped feeling locked into Windows — here's why that changes everything.

The PureLogs module targeted a wide range of browsers, including Google Chrome, Microsoft Edge, Brave, Opera, Yandex Browser, ...

When I (along with many other people) had a lot of trouble trying to install SQL Server Management Studio in an attempt to switch from the SQL Server 2008 R2 evaluation to the free Express version, I ...

BlueNoroff hackers used fake Zoom calls, ClickFix prompts, and fileless PowerShell malware to steal credentials from Web3 and crypto targets.

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns. ClickFix attacks ...

Abstract: Cyber-attacks have evolved dramatically over the past decade, becoming more targeted and sophisticated. Attackers now employ various techniques, including phishing, ransomware, and Remote ...