CSO Online

Phishing campaign chains old Office flaw with fileless XWorm RAT to evade detection

The campaign exploits an Office vulnerability to deliver the modular XWorm RAT, chaining HTA, PowerShell, and in-memory .NET execution to sidestep detection and expand post-compromise control.
Tech Xplore

Smarter machine-learning models can improve phishing website detection

Phishing websites remain a persistent cybersecurity threat, exploiting users by imitating trusted online services. New ...
Infosecurity Magazine

Phorpiex Phishing Delivers Low-Noise Global Group Ransomware

According to a new advisory by Forcepoint, the campaign relies on the continued effectiveness of Windows shortcut (.lnk) ...

North Korean hackers use new macOS malware in crypto-theft attacks

North Korean hackers are running tailored campaigns using AI-generated video and the ClickFix technique to deliver malware for macOS and Windows to targets in the cryptocurrency sector.
MIT Technology Review

AI is already making online swindles easier. It could get much worse.

Some cybersecurity researchers say it’s too early to worry about AI-orchestrated cyberattacks. Others say it could already be happening.

What is phishing: How to spot and stop this common online fraud

The internet has changed how people work, shop, bank and stay in touch. Bills are paid online. Salaries are credited ...

New tool blocks imposter attacks disguised as safe commands

A new open-source and cross-platform tool called Tirith can detect homoglyph attacks over command-line environments by ...

How common fonts can enable digital scams

In 2024, creative platform Canva reported the discovery of three “CVE’s” (common vulnerabilities and exposures) in font files. The first had the potential to allow fonts to deliver a malicious XML ...
WinBuzzer

New Microsoft Edge Android Flaw Enables Spoofing Attacks

Microsoft has disclosed CVE-2026-0391, a UI spoofing vulnerability in Edge for Android that enables network attacks and ...