Researchers have known for almost a decade that threat actors sometimes use DNS records to host malicious PowerShell scripts.

The RocketGenius website served a malicious variant of the Gravity Forms WordPress add-on for a few hoursThe variant harvested extensive information and allowed for RCEThe malware affected only manual ...

Two Gravity Forms WordPress plugin versions available on the official download page were injected with malware in a supply ...

Patchstack published an advisory on a supply chain attack affecting Gravity Forms that enables remote code execution on ...

The popular WordPress plugin Gravity Forms has been compromised in what seems a supply-chain attack where manual installers ...

Trustwave SpiderLabs says it has recently uncovered a new form of malware known as Pronsis Loader, which is already causing trouble due to its unique design and tactics.

One report claims at least 25 million people were targeted by infostealer malware between the beginning of 2023 and the end of 2024, capturing bank card details and passwords.

On the malware side, cryptomining malware dropped slightly, making up just 5% of packages in the second quarter. The decline ...

Sonatype, a software supply chain security company, this week released the Q2 2025 edition of its Open Source Malware Index, ...

It is estimated that 560,000 new pieces of malware are detected on a daily basis, and over 1 billion malware programs currently exist. Malware refers to several different types of malicious ...

Over half of the malware Sonatype discovered in Q1 2025 was designed to exfiltrate sensitive information from infected systems, the company said.

A newly evolved form of malware called FakeCall, known for its advanced use of vishing (voice phishing), has been identified by cybersecurity researchers. Uncovered by Zimperium’s zLabs team, this ...