Cybersecurity roundup: supply chain threats, AI agent risks, browser-cloning malware, mule networks, endpoint bypasses, and ...

The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic ...

TL;DR Introduction At the start of this year, I wrote a blog on how 2025 was the ‘year of the infostealer’, and it doesn’t ...

The attacks stemmed from a GitHub account that was also compromised in a previous Miasma attack on Microsoft last month.

As if the Miasma situation weren't bad enough, now this weapon is spreading like wildfire. Someone open sourced the entire ...

There's another likely North Korean-linked scam hitting developers and their employers, while snarfing up credentials and ...

As threat actors operationalize AI to accelerate attacks, they are also leveraging the wider global interest around AI itself ...

A new variant of the Gafgyt botnet called C0XMO is targeting DD-WRT router firmware and can move to other device types with ...

Proofpoint says Chinese cybercrime group TA4922 is using AI-assisted phishing and apparently LLM-developed malware, including ...

Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the ...

A newly discovered malware campaign targeting the open source software ecosystem underscores how rapidly supply chain threats are evolving. The campaign, which JFrog has dubbed "IronWorm," targets ...

这项研究由上海交通大学、上海财经大学和斯坦福大学联合完成，论文发表于2026年5月，预印本编号为arXiv:2605.28158v1，感兴趣的读者可通过该编号在arXiv平台查阅完整论文。