A watering hole campaign that has been active in Southeast Asia since September has compromised at least 21 websites, including government and media domains.
Cybercriminals buried crypto-mining malware inside compromised websites in an effort to hijack victims' computing resources.
Security researchers observed CactusTorch, a fileless malware, using a .NET executable to run harmful .NET assemblies from memory.
Endpoint detection and antiphishing tools can help users filter basic spam email, but detecting malspam in PDF and Microsoft Office documents requires a more thorough investigation.
A new banking Trojan is using old PowerShell tricks to hide its activity from detection tools by continually launching malicious CHM files.
Over 20 mobile apps commonly used for stock trading are not very secure, according to recent security research.
Malicious script Magecart is still going strong, allowing threat actors to hire U.S. mules to ship fraudulently purchased goods.