Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency and ...

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. A newly published threat intelligence report by analysts at ...

Newly discovered npm package 'fezbox' employs QR codes to retrieve cookie-stealing malware from the threat actor's server. The package, masquerading as a utility library, leverages this innovative ...

The Python script extract_otp_secrets.py extracts one time password (OTP) secrets from QR codes exported by two-factor authentication (2FA) apps such as "Google Authenticator". The exported QR codes ...

Microsoft’s Copilot generative AI is popping up on the web, in mobile apps, in the Edge browser, and especially in Windows. But just what exactly is it? Here’s everything you need to know. I've been ...

Threat actors are leveraging public GitHub repositories to host malicious payloads and distribute them via Amadey as part of a campaign observed in April 2025. "The MaaS [malware-as-a-service] ...

A few weeks on from Microsoft warning Windows users that PDF attachments are increasingly being used in attacks, there’s another warning and a new lure. While the Windows-maker’s alert for PC users ...

passwords are a problem. While they remain the main way we secure applications, services, and systems, they’re increasingly vulnerable. Cloud compute makes it economical to brute-force valuable ...