Latest

GlassWorm malware has infiltrated Visual Studio Code extension repositories for the third time. Threat actors uploaded 24 new malicious packages to OpenVSX and the Microsoft Visual Studio Marketplace, despite two previous campaigns earlier this year. Security researchers first identified GlassWorm in October 2025. The malware steals credentials from GitHub, npm,

Google released its December security update for Android, fixing 107 vulnerabilities across the operating system. Two of these were zero-day flaws that attackers had already exploited in targeted campaigns. The zero-day vulnerabilities carry the identifiers CVE-2025-48633 and CVE-2025-48572. The first permits unauthorized access to sensitive information, while the second enables

Security researchers have discovered a sophisticated malware campaign that infected millions of browser users through extensions that appeared harmless for years before activating dangerous spyware capabilities. The ShadyPanda campaign, uncovered by Koi Security, distributed 145 malicious extensions—20 for Chrome and 125 for Edge—that were collectively installed over 4.

Asahi Group Holdings, Japan's largest beer producer, has confirmed that a ransomware attack in fall 2025 compromised personal data belonging to nearly two million customers, employees, and business contacts. The breach affected 1.9 million individuals across multiple categories: 1.525 million customer service contacts, 114,000 external

Cybersecurity researchers at Cleafy identified a new Android banking Trojan called Albiriox that targets more than 400 applications worldwide—including banking, financial, cryptocurrency, trading, payment, investment, and gaming platforms. Russian-speaking hackers are distributing the malware using a "malware-as-a-service" (MaaS) model. Albiriox gives attackers complete control over infected smartphones,