Threats

This marks the second time we’ve found a stealer Trojan in the App Store.

First, don’t panic. Second, change your passwords. What else? Read this blogpost to protect your accounts.

Malicious actors are busy setting up fake Netflix websites, trying to trick visitors into paying for supposedly legitimate subscriptions, and promising in-game currency and skins for popular games. How else are they scamming Gen Zers, and what can we do to fight back?

Scammers are promising compensation from a bank to all comers — with no exceptions — and to boost their credibility they’ve even rolled out a deepfake newscast generated by AI.

Can your photos be viewed, stolen, or deleted when your smartphone is plugged into a public charging station? As it turns out — yes!

Scammers are exploiting Google services to send fake law enforcement inquiry notifications, making them look like they originate from accounts.google.com.

Why highlighted links to visited sites can be dangerous, and why a solution was over 20 years in the making.

An infection tactic called ClickFix is becoming increasingly popular among cybercriminals. We explain how such attacks work and how to protect your company against it.

Counterfeit smartphones imitating well-known brands and offered online come pre-installed with the powerful Triada Trojan.

Spoiler: nothing good. Along with pirated software, you’ll probably pick up a miner, stealer, or backdoor.

Cybercriminals are inventing new ways to swipe money from payment cards by using credentials phished online or over the phone. Sometimes, just holding your card to your phone is enough to leave you penniless.

Attackers use the polyglot technique to disguise malware. We explain what it is and how to protect your company against attacks.

Apple’s Find My network can be exploited to remotely track other vendors’ Android, Windows, and Linux devices.

A security researcher has investigated his own smart mattress cover, discovering several ways to hack it — including through a backdoor preinstalled by the developer.

Our technologies have helped to detect the zero-day vulnerability CVE-2025-2783 in Google Chrome, which was used in a sophisticated APT attack.

If you’ve ever downloaded game cheats from a YouTuber’s “link in the description”, your computer might be infected with a stealer.

How to respond to a compromised GitHub changed-files Action incident.

Reasons for updating your ESXi infrastructure ASAP, and enterprise threats that VM escape poses.

Takeaways for regular crypto holders from the biggest crypto heist in history.

We found several groups of sites mimicking official websites of the DeepSeek and Grok chatbots. Fake sites distribute malware under the guise of non-existent chatbot clients for Windows.

We break down the most covert mechanism of smartphone surveillance using real-life examples.