WordPress security plugin exposes private data to site subscribers

The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability ...

PhantomRaven attack floods npm with credential-stealing packages

An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal authentication tokens, CI/CD secrets, and GitHub credentials.

Ransomware hackers are now running Linux encryptors in Windows to stay undetected

EDR tools aren't scanning Linux sandbox environments on Windows, giving cybercriminals a unique opportunity to work ...