Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.
Arabian Post

Formbook phishing turns stealth into scale

Two separate phishing campaigns are hitting organisations with Formbook, a long-running information stealer that continues to adapt its delivery methods to slip past traditional Windows defences. The ...
Infosecurity Magazine

Formbook Malware Campaign Uses Multiple Obfuscation Techniques to Avoid Detection

Two phishing campaigns, each using a different stealthy infection technique, are targeting organizations in attacks which aim ...

Malware campaign lures users with fake Windows Update website

Malwarebytes recently uncovered a new malicious campaign targeting the Windows Update service. Focused on French-speaking users, the campaign uses layered obfuscation techniques to deliver multiple ...
IEEE

Mitigating Obfuscation Attacks on Software Plagiarism Detectors via Subsequence Merging

Abstract: Plagiarism is a significant challenge in computer science education. Thus, tool-based approaches are widely used to combat software plagiarism. However, especially due to the recent rise of ...

Do not fall for this fake Windows update support site. It’s spreading a password-stealing malware

Malwarebytes warns that a fake Microsoft support site is distributing password-stealing malware through a spoofed Windows update installer ...

Adobe finally patches PDF pest after months of abuse

Adobe has released a fix for an Acrobat and Reader zero-day that attackers had been exploiting for months. The patch, shipped on April 11, addresses CVE-2026-34621, a critical vulnerability in Acrobat ...
Techzine Europe

Adobe patches vulnerability that steals data via PDFs

Researcher Haifei Li, founder of the exploit detection platform EXPMON, discovered a sophisticated attack that uses PDF files to spy on and potentially ...
Security Boulevard

This fake Windows support website delivers password-stealing malware

A convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access.
Hosted on MSN

‘Denied and obfuscated’: Ford government forced to release Eglinton LRT, Ontario Line emails

The Ford government has been ordered to release seemingly innocuous emails containing an outdated schedule for the Eglinton Crosstown LRT and details of construction work on the Ontario Line, which it ...

Months-old Adobe Reader zero-day uses PDFs to size up targets

Hackers have been quietly exploiting what appears to be a zero-day in Adobe Acrobat Reader for months, using booby-trapped PDFs to profile targets and decide who's worth fully compromising.
WFMD

Gen Jack Keane ‘skeptical’ that Iran ceasefire will hold, warns Tehran will ‘delay and obfuscate’

Retired four-star Gen. Jack Keane expressed doubt that the Iran ceasefire will hold, arguing Tehran is exploiting the pause to delay and ease pressure while testing whether the U.S. has “the stomach” ...