New Mirai campaign exploits RCE flaw in EoL D-Link routers

A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability ...

Fake Google Antigravity Installer Can Steal Accounts in Minutes

Fake Antigravity downloads are enabling fast account takeovers using hidden malware and stolen session cookies.

New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.
Infosecurity Magazine

MacOS Native Tools Enable Stealthy Enterprise Attacks

A growing range of native macOS features are being repurposed by attackers to execute code, move laterally and evade ...
SecurityWeek

North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks

North Korean hackers used AppleScript and ClickFix in recent attacks targeting macOS systems at financial organizations.