Stealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCs

A previously undocumented .NET trojan and its companion Pheno plugin allow attackers to capture mobile authentication codes ...

Official SAP npm packages compromised to steal credentials

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...

Trellix discloses data breach after source code repository hack

Cybersecurity firm Trellix disclosed a data breach after attackers gained access to "a portion" of its source code repository ...

One command turns any open-source repo into an AI agent backdoor. OpenClaw proved no supply-chain scanner has a detection category for it

CLI-Anything generates SKILL.md files that AI agents trust and execute. Snyk found 13.4% of agent skills contain critical ...
Windows Report

CloudZ RAT Steals Your OTPs Through Microsoft Phone Link

A new version of CloudZ RAT uses a malicious plugin called Pheno to extract sensitive data from Windows PCs by abusing ...

Trojan abuses Microsoft Phone Link app to steal your passwords

The CloudZ Trojan steals data through Microsoft Phone Link. The campaign has been active since at least January 2026.  Follow ...

Microsoft Edge will load all your passwords into memory in plaintext, but Microsoft says it's not a security concern

A security researcher has discovered that Microsoft Edge will load all your stored passwords into memory in plaintext at ...