DPRK-linked actors use GitHub C2 and LNK phishing in South Korea, enabling persistent PowerShell control and data ...

You can wrap an executable file around a PowerShell script (PS1) so that you can distribute the script as an .exe file rather than distributing a “raw” script file. This eliminates the need to explain ...

Cookie-gated PHP web shells enable persistent Linux RCE via cron-based re-creation, reducing detection in routine traffic ...

Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting ...

Jamf finds a ClickFix variant that swaps copy-paste Terminal lures for Script Editor execution, tightening delivery of Atomic ...

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

ClickFix attacks targeting Mac users now use Script Editor instead of Terminal, a shift that sidesteps Apple's latest ...

What makes the threat notable is the way it narrows the gap between a traditional RAT and an infostealer. Analysts found that STX RAT can give operators covert control of a victim machine through a ...

Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell ...

STX RAT, a newly identified remote access trojan, attempted deployment in finance, showing advanced C2 and stealthy delivery ...