Microsoft

The Gentlemen ransomware: Dissecting a self-propagating Go encryptor

Microsoft Threat Intelligence presents a comprehensive analysis of The Gentlemen, a Go-based ransomware deployed by ...
The Hacker News

Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets

Malicious Sicoob.Sdk stole PFX certificates and client IDs via NuGet downloads, enabling API impersonation and payment abuse risks.
Bleeping Computer

Hackers exploit FortiClient EMS flaw to push infostealer malware

Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer called EKZ. The attacker ...
Infosecurity-magazine.com

AI-Generated npm Malware Leaks Its Own GitHub Token

A malicious npm package has been caught leaking its own hardcoded GitHub token, a blunder that let researchers watch the operator's data theft unfold from the inside. The package, named ...

Windows BitLocker exploit sparks messy feud between Microsoft and the researcher who exposed it

The issue centers on a zero-day exploit called "YellowKey," published earlier this month by a security researcher known as Chaotic Eclipse, also known online as Nightmare-Eclipse.
Morning Overview on MSN

Hackers are now hiding inside the AI coding assistants developers trust the most — a single poisoned config file quietly smuggling stolen keys out of build servers

Sometime in early 2025, a security researcher flagged a configuration file that could do something it was never supposed to: ...