
PamStealer macOS Infostealer Uses PAM API to Verify Stolen Passwords
Jamf Threat Labs disclosed PamStealer, a Rust-based macOS infostealer that uses the PAM API to verify stolen passwords before exfiltrating

Jamf Threat Labs disclosed PamStealer, a Rust-based macOS infostealer that uses the PAM API to verify stolen passwords before exfiltrating

Kaspersky exposed a 90-domain SEO poisoning campaign that installs AsyncRAT on Windows via a fake ScreenConnect installer, targeting users across

Securonix disclosed VEIL#DROP, an active campaign routing PureLogs Stealer through Google Blogger to bypass reputation-based enterprise security controls.

Kaspersky exposed a 90-domain SEO poisoning campaign that installs AsyncRAT on Windows via a fake ScreenConnect installer, targeting users across

ChocoPoC, a new remote access trojan, targets vulnerability researchers through trojanized proof-of-concept exploit repositories on GitHub, stealing credentials and establishing

CISPA researchers disclosed six vulnerabilities in Apple AirDrop and Android Quick Share exposing more than five billion active devices to

Attackers exploited SimpleHelp’s OIDC authentication bypass CVE-2026-48558 to deploy Djinn Stealer and TaskWeaver within 13 days of initial disclosure.

CISA updated its KEV entry for CVE-2026-33825 to flag ransomware group exploitation of the Windows Defender privilege escalation flaw, first

Microsoft removed 119 malicious Edge extensions in the StegoAd takedown, exposing a steganography campaign hiding malware in image and font

Hijacked npm and Go packages exploit VS Code’s MCP tasks to bypass npm lifecycle hook protections and deploy a cross-platform
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.