Trojan abuses Microsoft Phone Link app to steal your passwords

The CloudZ Trojan steals data through Microsoft Phone Link. The campaign has been active since at least January 2026.  Follow ...

The EOL Blind Spot in Your CVE Feed: What SCA Tools Miss

Critical vulnerabilities can exist in open source software your scanners don't check. HeroDevs reveals how EOL software ...

MuddyWater hackers use Chaos ransomware as a decoy in attacks

The MuddyWater Iranian hackers disguised their operations as a Chaos ransomware attack, relying on Microsoft Teams social ...
The Hacker News

⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More

Critical cPanel flaw under attack, Copy Fail Linux privilege escalation, TeamPCP supply chain campaign, GitHub RCE & major ...

One command turns any open-source repo into an AI agent backdoor. OpenClaw proved no supply-chain scanner has a detection category for it

CLI-Anything generates SKILL.md files that AI agents trust and execute. Snyk found 13.4% of agent skills contain critical ...
The Hacker News

ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories

SMS blasters, npm supply chain hits, and unpatched Windows flaws. Stay ahead of new phishing kits and exposed servers.
How-To Geek on MSN

6 PowerShell commands that fix the most common Windows 11 problems in seconds

No click, only type.