The scammers create ads that impersonate PayPal, often using hacked advertiser accounts. They exploit PayPal’s “no-code checkout” feature, designed for merchants to accept payments online or in person without needing a developer or coding knowledge.

A sophisticated malware campaign leveraging GitHub repositories disguised as game modifications and cracked software has been uncovered, exposing a dangerous convergence of social engineering tactics and automated credential harvesting.

A high-severity vulnerability (CVE-2025-23363) in the Siemens Teamcenter product lifecycle management (PLM) software could allow an attacker to steal users’ valid session data and gain unauthorized access to the vulnerable application.

A new variant of the Vo1d malware botnet has grown to 1,590,299 infected Android TV devices across 226 countries, recruiting devices as part of anonymous proxy server networks.

A critical security vulnerability has been discovered in the Better Auth library, a popular TypeScript authentication framework. The vulnerability could allow attackers to bypass security measures and potentially take over user accounts.

Cisco Talos uncovered two new variants of the Sagerunex backdoor, which were detected during attacks on telecommunications and media companies, as well as many Sagerunex variants persistent in the government and manufacturing industries.

The vulnerability, which impacts versions before 24.8.5, revolves around improper validation of non-file URLs interpreted as Windows file paths through the ShellExecute function.

In this campaign, Unit 42 researchers discovered a Rust-based macOS malware nicknamed RustDoor masquerading as a legitimate software update, as well as a previously undocumented macOS variant of a malware family known as Koi Stealer.

The attackers used multiple stealthy methods to evade detection: naming the plugin an innocent-sounding name, and hiding it in the WordPress plugins directory versus a core file to avoid being found by integrity checks.

Microsoft has removed two popular VSCode extensions, 'Material Theme – Free' and 'Material Theme Icons – Free,' from the Visual Studio Marketplace for allegedly containing malicious code.