Another malware wave is washing through open-source software repos, stealing publishing tokens, installing OS‑level backdoors and persisting in developer tools and CI pipelines.

Fox Tempest, a financially-motivated threat group, allowed ransomware operators and other cybercriminals to slip malware-laced software past security controls.

Operation Ramz resulted in 201 arrests and disrupted phishing services, malware and financial scams.

Investigators found the malware, dubbed Firestarter, on a federal agency's network in a campaign dating back to at least September 2025.

The FBI’s annual report on digital crimes exposes a worsening environment. Yet, an unknown number of victims still suffer in the shadows never reporting the crimes they…

Researchers at numerous firms are sounding warnings about the supply-chain attack on an open-source project with 100 million weekly downloads.

DeepLoad logs keystrokes, buries details behind reams of AI-generated code, and re-infect hosts days after being blocked, according to ReliaQuest. 

The campaign goes back to 2023 but is the subject of an alert amid conflict in the Middle East.

The botnet, which compromised routers and IoT devices in 163 countries, claimed about 369,000 victims and $5.8 million from its cybercriminal customers, officials said.

Blind spots in complex cloud environments allow identity-based attacks to achieve the same outcome as complex malware or zero-day exploits. Sophistication need not apply.