Fake BlueWallet steals passwords, accounts, and crypto from Macs

A fake website impersonating BlueWallet a real Bitcoin wallet is targeting Mac users with a simple but effective attack. BlueWallet itself has not been compromised. Instead, cybercriminals have stolen the name and branding of the legitimate Bitcoin wallet to make a malicious download appear...

CVE-2026-25608

CVE-2026-25608 (STER) : The vulnerability involves unencrypted TCP traffic used by STER to transmit data, enabling a Man-In-The-Middle attacker to obtain sensitive information such as passwords, personal data, or authentication tokens. The underlying risk is data confidentiality loss during netwo...

Fake Job Interview Apps Drop JobStealer Malware on Windows and macOS

Hackers are using Fake interview apps to spread JobStealer malware on macOS and Windows to steal crypto wallets, browser data, and passwords...

Bogus Avast website fakes virus scan, installs Venom Stealer instead

A fake website impersonating Avast antivirus is tricking people into infecting their own computers. The site looks legitimate, runs what appears to be a virus scan, and claims your system is full of threats. But the results are fake: when you’re prompted to “fix” the problem, the download you’re...

Fake CleanMyMac Site Uses ClickFix Trick to Install SHub Stealer on macOS

Researchers warn of a fake CleanMyMac site using a ClickFix attack to install SHub Stealer on macOS and steal passwords and crypto wallets...

Fake Claude Code install pages hit Windows and Mac users with infostealers

Attackers are cloning install pages for popular tools like Claude Code and swapping the “one‑liner” install commands with malware, mainly to steal passwords, cookies, sessions, and access to developer environments. Modern install guides often tell you to copy a single command like curl...

Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor

Cybersecurity researchers have disclosed details of a malicious Go module that's designed to harvest passwords, create persistent access via SSH, and deliver a Linux backdoor named Rekoobe. The Go module, github.com/xinfeisoft/crypto, impersonates the legitimate "golang.org/x/crypto" codebase, bu...

$300 a Month Android Malware ‘Oblivion’ Uses Fake Updates to Hijack Phones

Cybersecurity researchers at Certo reveal Oblivion, a new Android Trojan targeting major brands like Samsung and Xiaomi. It bypasses security to steal passwords and bank codes...

Hackers Use Excel Exploit to Hide XWorm 7.2 in JPEG Files, Hijack PCs

A new phishing campaign is spreading XWorm 7.2 via malicious Excel files, hiding the malware in Windows processes, and using AES encryption to steal passwords and Wi-Fi keys...

Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets

Attackers are running paid Facebook ads that look like official Microsoft promotions, then directing users to near-perfect clones of the Windows 11 download page. Click Download Now and instead of a Windows update, you get a malicious installer—one that silently steals saved passwords, browser...

UK Construction Firm Hit by Prometei Botnet Hiding in Windows Server

Cybersecurity firm eSentire's TRU break down the Russian Prometei botnet attack on a UK firm, detailing its TOR usage, password theft and decoy tactics...

CLSA-2026-1769507695 Fix CVE(s): CVE-2024-50349

SECURITY UPDATE: Confusing users into sending their passwords to sites under the attacker’s control using crafted URLs - debian/patches/CVE-2024-50349.patch: also encode : in credentialformat, sanitize the user prompt - CVE-2024-50349...

CVE-2005-1784

Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers to steal passwords and gain privileges via a modified emailaddress parameter in an updateprofile action for UserProfile.asp...

CVE-2020-24227

Playground Sessions v2.5.582 and earlier for Windows, stores the user credentials in plain text allowing anyone with access to UserProfiles.sol to extract the email and password...

Malicious code in auto-backup-wsl (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a2df4191bfbdaa28acd42677c912064639ef3b278179beee064cd83fb5b0e11e Package performs a "backup" of files to a remote location. This functionality is clearly described, but the user has no control over the remote location where...

CVE-2025-34428

MailEnable

Fake ChatGPT Atlas Browser Used in ClickFix Attack to Steal Passwords

Cybersecurity researchers have uncovered a critical ChatGPT Atlas browser attack, confirming the danger of the ongoing surge in the ClickFix threat...

EUVD-2006-6360

Malware in sbrugna...

EUVD-2019-19356

Malware in sbrugna...

EUVD-2016-5866

Malware in sbrugna...