MSBuild, a legitimate Microsoft build tool embedded in many Windows and developer environments, is drawing renewed scrutiny after fresh threat research showed how attackers are using it to run ...

PM This week in cybersecurity: botnets, RCE flaws, AI-driven attacks, stealers, and more. Fast, no-fluff roundup.

The financially motivated cybercriminal threat actor Storm-1175 operates high-velocity ransomware campaigns that weaponize ...

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

Learn how to use PowerShell "for" loop to automate tasks in Windows PowerShell. Includes syntax, examples, loop comparisons ...

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how quickly a compromised package can propagate through the ecosystem.

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

A newly uncovered malware campaign is combining ClickFix delivery with AI generated evasion techniques to steal enterprise user accounts and passwords. The attacks are designed to provide intruders ...

Microsoft’s CA-2023 Secure Boot update broke PCs. Learn why UEFI firmware failed, how vendors reacted, and how to fix your boot issues.

Researchers have uncovered a new malware strain capable of stealing credentials immediately after gaining a foothold on a victim network, capturing both stored browser passwords and live keystrokes in ...