IntroductionIn January 2026, Zscaler ThreatLabz observed activity by a suspected Iran-nexus threat actor targeting government officials in Iraq. ThreatLabz discovered previously undocumented malware ...

A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time ...

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more.

Infrastructure delivering updates for Notepad++—a widely used text editor for Windows—was compromised for six months by ...

A new beta of BleachBit, the free, cross-platform system cleaner app is available for testing. BleachBit 5.1.0 brings ...

MuddyWater’s Operation Olalampo targets MENA with GhostFetch, CHAR, HTTP_VIP, and AI-assisted malware since Jan 26, 2026.

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns.

Mediabistro, which has served more than 16,000 employer customers, transforms its 25-year-old media job board into a modern platform with new intelligent features for employers Debuts Playbook, a ...

Backed by Redpoint Ventures, CrowdStrike Falcon Fund, CrowdStrike CEO George Kurtz, Wiz CEO Assaf Rappaport, and Okta Vice-Chairman Frederic Kerrest, the company was founded by veteran security ...

While the original Zoom-themed site at uswebzoomus [.]com was taken down by Namecheap following community reporting, a second site at googlemeetinterview [.]click is actively deploying the same ...

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users from legitimate sign‑in pages to attacker‑controlled infrastructure.