Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns. ClickFix attacks ...

Let me tell you how I came within steps of becoming a victim in an elaborate social engineering scheme designed to exploit something so routine and apparently harmless as a Microsoft Teams call ...

AI agents like Claude Code are reshaping software development by automating legacy modernisation and routine coding. A recent ...

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more.

Security teams are rarely short of technology. What they lack is capacity. Time to investigate properly. Headroom to think ...

Who is knocking at the Dohdoor? Digital intruders with possible links to North Korea have been infecting US education and healthcare sectors with a never-before-seen backdoor since at least December, ...

Chrome and Edge users warned about NexShield browser extension scam that causes crashes and tricks users into installing ...

Cisco Talos tracks UAT-10027 targeting U.S. education and healthcare with Dohdoor DoH-based backdoor and Cobalt Strike ...

Fake CAPTCHA attacks exploded by 563% last year: How to spot them and stay safe online ...

I’m a traditional software engineer. Join me for the first in a series of articles chronicling my hands-on journey into AI ...

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign ...