Microsoft

WhatsApp malware campaign delivers VBScript and MSI backdoors

A malware campaign uses WhatsApp messages to deliver VBS scripts that initiate a multi-stage infection chain. The attack ...
The Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...
Cybernews

Critical compromise: Axios NPM library with 100M weekly downloads is delivering malware

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

WhatsApp File, One Click, Full Control: Microsoft Flags Silent Malware Attack Using VBS Scripts

Microsoft warns of a new silent cyberattack spreading through WhatsApp messages with disguised VBS files. The malware hides ...

ThreatDown Uncovers First Cyber Attack Abusing Deno JavaScript Runtime for Fileless Malware Delivery

ThreatDown, the corporate business unit of Malwarebytes, today published research documenting what researchers believe to be ...
SecurityWeek

Cloudflare-Themed ClickFix Attack Drops Infiniti Stealer on Macs

A new ClickFix attack that leverages a Nuitka loader targets macOS users with the Python-based Infiniti Stealer malware.
Infosecurity-magazine.com

New Cryptojacking Malware Targets Docker with Novel Mining Technique

A new cryptojacking malware campaign is targeting Docker environments using a novel mining technique, according to researchers from Darktrace and Cado Security Labs. The campaign demonstrates a trend ...
Bleeping Computer

Microsoft Teams voice calls abused to push Matanbuchus malware

The Matanbuchus malware loader has been seen being distributed through social engineering over Microsoft Teams calls impersonating IT helpdesk. Matanbuchus is a malware-as-a-service operation seen ...