Research
- 108 malicious Chrome extensions linked to shared server, data theft
  Researchers found 108 malicious Chrome extensions tied to one backend server, with the add-ons used to steal account data, exfiltrate Telegram sessions and inject ads or scripts into visited pages.
- JanelaRAT malware targets banks in Brazil and Mexico, Kaspersky says
  JanelaRAT malware has targeted banks and financial institutions in Brazil and Mexico, with Kaspersky recording more than 26,000 attacks there in 2025. The trojan can steal credentials, track activity and use browser extensions for fraud.
- OpenAI revokes Mac app certificate after Axios supply chain incident
  OpenAI said a GitHub Actions workflow used to sign its Mac apps downloaded a malicious Axios package on March 31. The company is revoking the certificate, but said it found no evidence of data or system compromise.
- APT37 Uses Facebook, Telegram in RokRAT Phishing Campaign
  North Korea-linked APT37 used Facebook and Telegram to deliver RokRAT in a multi-stage campaign that relied on fake personas, a trojanized PDF viewer and compromised infrastructure, according to a technical analysis by Genians Security Center.
- New VENOM phishing attacks target Microsoft logins of senior executives
  A new phishing-as-a-service platform called VENOM has been targeting Microsoft credentials of senior executives since at least last November, using personalized lures, QR codes and methods that can capture session tokens.
- UAT-10362 targets Taiwanese NGOs with Lua malware in spear-phishing campaign
  A previously undocumented threat cluster called UAT-10362 has targeted Taiwanese NGOs and suspected universities with spear-phishing emails carrying Lua-based malware, according to Cisco Talos. The campaign uses DLL side-loading, geofencing and layered dropper tools.
- Cisco Talos warns attackers are abusing GitHub and Jira notifications for phishing
  Cisco Talos says attackers are abusing GitHub and Jira notification systems to send phishing emails that pass standard authentication checks and may look trusted to corporate users.
- Adobe Reader zero-day exploited through malicious PDFs since December 2025
  A technical analysis says attackers have abused a previously unknown Adobe Reader zero-day through malicious PDFs since at least December 2025. The files can run JavaScript, collect data and potentially deliver more payloads.
- Atomic Stealer campaign abuses macOS Script Editor in ClickFix variation
  A new macOS malware campaign is using Script Editor in a ClickFix-style attack to deliver Atomic Stealer, avoiding Terminal prompts and relying on fake Apple-themed pages that push users to run malicious code.








