The shadowy SIM farms behind those incessant scam texts - and how to stay safe

These fraud factories operate quietly to support large-scale scamming and phishing. Here's how they work and what to do if ...

New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.

New GoGra malware for Linux uses Microsoft Graph API for comms

A Linux variant of the GoGra backdoor uses legitimate Microsoft infrastructure, relying on an Outlook inbox for stealthy ...
MIT Technology Review

Supercharged scams

AI tools are making it easier than ever for online criminals to trick people and steal money and valuable confidential data.
Krebs on Security

‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty

A 24-year-old British national and senior member of the cybercrime group “Scattered Spider” has pleaded guilty to wire fraud ...
The Droid Guy

17 Google Messages Tips Tricks and Features You Need to Know

Google Messages has changed more in the last year than in the previous five combined. Encrypted RCS between iPhone and Android is rolling out, real-time location sharing through Find Hub is replacing ...
Scientific Research Publishing

Cyber Deception and Theft: A Critical Review ()

Danquah, P. and Bekoe, S. (2026) Cyber Deception and Theft: A Critical Review. Journal of Information Security, 17, 149-166.
Hackaday

This Week In Security: Docker Auth, Windows Tools, And A Very Full Patch Tuesday

CVE-2026-34040 lets attackers bypass some Docker authentication plugins by allowing an empty request body. Present since 2024, this bug was caused by a previous fix to the auth workflow. In the ...