Security Boulevard

SmartApeSG Launches Okendo Reviews Supply Chain Attack

IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...
Redmond Magazine

Patch Now or Pay Later: The Financial and Security Risks of Neglected Application Updates

Patching is about staying ahead of threats, not just checking a compliance box — yet third-party applications routinely slip ...
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...
GitHub

Next-generation open source version control

Lore is an open source version control system designed for unprecedented scalability of both data and teams. It is optimized for ...
The Hacker News

ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures

ClickFix attacks are delivering BabaDeda, Lorem Ipsum, and Potemkin loaders to deploy stealers, RATs, and ransomware-linked ...

Coreutils for Windows: Microsoft bringt 75 Linux-Befehle in CMD und Powershell

Mit Coreutils for Windows sollen Entwickler ihre Gewohnheiten und bestehende Skripte aus anderen Systemen in Windows beibehalten können.

Fake Claude Code Installers Deliver Credential-Stealing Malware

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other sensitive data.
The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.
Cryptopolitan via MSN

North Korea’s Lazarus turns to fileless malware in new crypto attacks

Lazarus Group has deployed RemotePE, a fully memory-resident trojan that is extremely hard for traditional antivirus and forensic tools to detect.