Infiniti Stealer: A new macOS infostealer using ClickFix and Python/Nuitka

A previously undocumented macOS infostealer has surfaced during our routine threat hunting. Malwarebytes Labs researchers initially tracked it as NukeChain, but shortly before publication, the malware’s operator panel became publicly visible, revealing its real name: Infiniti Stealer. This malware is Read More …

Cloud Phones: The Invisible Threat

What began as a simple scheme to inflate social media metrics has evolved into a sophisticated threat that is quietly reshaping the economics of digital fraud. Over the past decade, fraud prevention teams have invested heavily in device fingerprinting and Read More …

Millions possibly affected by data breach at dermatology giant QualDerm

Dermatology management services giant QualDerm suffered a cyberattack in late 2025 which saw it lose sensitive personal and healthcare data on more than three million people. The company is now notifying affected individuals by mail, noting in a breach notification Read More …

AI Drives Cyber Attacks That Unfold in Minutes

Artificial intelligence is speeding up timelines for cyber attacks, a new report has found, creating what the authors call a widening “cybersecurity speed gap” between bad actors and defense efforts. The report from Booz Allen Hamilton, published this month, shows Read More …

Russian initial access broker who fed ransomware crews gets 81 months in US prison

A Russian national who sold the keys to corporate networks faces nearly seven years in a US prison after prosecutors tied his handiwork to a string of ransomware attacks costing victims millions of dollars. Aleksei Volkov, 26, was sentenced to Read More …

Google Authenticator: The Hidden Mechanisms of Passwordless Authentication

Passwordless authentication is often presented as the end of account takeover. But to understand the real threat landscape, we need to examine how passwordless is actually deployed in the real world. Attackers do not break protocols in theory. They target Read More …

CVE-2026-3055: Citrix NetScaler ADC and NetScaler Gateway Out-of-Bounds Read

On March 23, 2026, Citrix published a security advisory for a critical vulnerability affecting their NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) products. This vulnerability, CVE-2026-3055, which is classified as an out-of-bounds read and holds a Read More …

Trio-Tech International hit by ransomware attack

Trio-Tech International initially shrugged off a ransomware attack at a Singapore subsidiary as immaterial, only to reverse course days later after discovering stolen data had been disclosed. The California-based semiconductor testing and burn-in services outfit said it detected a ransomware Read More …

Three Supermicro employees charged with conspiracy to smuggle restricted Nvidia chips to China

A federal investigation has been launched after the US Department of Justice charged three individuals for allegedly smuggling restricted Nvidia AI chips to China. The three men were not named in court documents, however a statement released by Super Micro Read More …