
Unit 42 Exposes EtherRAT: Teams Calls Deliver Blockchain-Backed RAT
Unit 42 exposed an active campaign using fake Microsoft Teams IT support calls to install EtherRAT, a Node.js RAT whose

Unit 42 exposed an active campaign using fake Microsoft Teams IT support calls to install EtherRAT, a Node.js RAT whose

Proofpoint named UNK_MassTraction, a China-aligned group using Roundcube CVE-2024-42009 to steal credentials and 2FA tokens from university physics departments.

Attackers posing as 30-plus major brand recruiters use fake job interviews to steal Google credentials from marketing professionals who manage

North Korea’s PolinRider campaign used stolen maintainer credentials to push malicious updates to 108 packages across npm, Packagist, Go, and

CVE-2026-33697 lets relay attacks redirect confidential computing traffic without breaking attestation, affecting WhatsApp, Cocos AI, and Edgeless Systems.

QuimaRAT is a new Java-based malware-as-a-service RAT sold from $150 per month that targets Windows, Linux, and macOS enterprise and

A zero-click flaw in Opera GX’s mod system let malicious websites silently install data-harvesting browser extensions on the gaming browser’s

Researchers disclosed TrojPix, a new air-gap attack that manipulates pixel rendering to encode data as electromagnetic emissions from a computer’s

SkillCloak obfuscation lets malicious AI coding agent skills bypass over 90 percent of static detection tools, risking source code and

Zscaler found two active campaigns that embed hidden instructions in web pages, causing 4 of 26 AI agents tested to
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.