Anka Markovic Borak

A widespread phishing campaign has been targeting WooCommerce administrators globally since April 2025. The operation deceives site owners into installing fraudulent security patches that give attackers full control over their WordPress sites. Researchers at Patchstack uncovered this operation,

Recently, cybercriminals exploited a vulnerability in Google’s OAuth system to send phishing emails that appeared legitimate by passing DKIM (DomainKeys Identified Mail) verification. The incident came to light when a fraudulent Google security alert was reported. The attack leveraged Google’s

Security researchers have found that AI’s tendency to hallucinate package names when used to assist with writing code has led to a new software supply chain vulnerability, dubbed “slopsquatting.” The term, introduced by security expert Seth Larson, refers to a variation of typosquatting. While

Corporate email marketing accounts have been compromised and used in a phishing campaign known as "PoisonSeed," which is targeting cryptocurrency users and spreading fraudulent wallet seed phrases. The attacks were initiated in March 2025 and targeted Coinbase and Ledger users globally. Security