A newly documented phishing campaign is targeting professionals with fake LinkedIn business emails and abusing a trusted service operated by Adobe.
Google says the Chrome Device Bound Session Credentials (DBSC) security feature is now generally available and is rolling out to all users to prevent account takeovers.
The FBI is warning of fake websites impersonating FIFA ahead of the 2026 World Cup, to steal personal and financial information, sell fake tickets and hospitality packages, and push other fraud related to the event.
A five-stage exploit chain disclosed by Token Security researchers turned a free Zapier account into write access on Zapier's public developer SDK packages and on internal packages that load in every authenticated zapier.com session.
Delivered via phishing lures, the malware combines financial theft with data exfiltration and remote access.
A convincing fake website is impersonating OpenAI's ChatGPT download page and infecting visitors with malware designed to steal passwords, browser data, cryptocurrency wallets, and other sensitive information.