The attack consists of a NexShield malicious browser extension, a social engineering technique to crash the browser, and a ...

A worker searching for an adblocker ended up installing malware instead after threat actor KongTuke pushed a fake Chrome ...

The phishing campaign shows how attackers continue to weaponize legitimate cloud services and open source tools to evade ...

Researchers uncovered a CrashFix campaign where a fake Chrome ad blocker crashes browsers to trick users into installing the ...

Researchers with Cyata and BlueRock uncovered vulnerabilities in MCP servers from Anthropic and Microsoft, feeding ongoing security worries about MCP and other agentic AI tools and their dual natures ...

New WhatsApp Web attack spreads self-propagating ZIP files containing Astaroth banking malware through trusted conversations.

A malvertising campaign is using a fake ad-blocking Chrome and Edge extension named NexShield that intentionally crashes the ...

2025年12月初，以色列政府官网（gov.il）悄然上线一则安全通告，标题直指一个代号为“MuddyWater”（泥水）的网络威胁组织。尽管页面内容因Cloudflare验证机制未能完整抓取，但结合多方情报与历史攻击模式，网络安全界迅速达成共识：这是一次针对国家关键部门的高危预警。 通告虽简，却如警钟长鸣——MuddyWater正以更狡猾的鱼叉式钓鱼手段，瞄准政府机构、国防承包商、能源与电信等核 ...

ClickFix variant CrashFix relies on a malicious Chrome extension to crash the browser and trick victims into installing the ...

Experts reveal Evelyn Stealer malware abusing VS Code extensions to steal developer credentials, browser data, and ...

A：Evelyn Stealer通过武器化VS Code扩展生态系统来攻击开发者。攻击者创建恶意的VS ...