MOBILE

Trojanized FileZilla

A fake FileZilla site hosts a malicious download

March 2, 2026

A tampered copy of FileZilla quietly contacts attacker-controlled servers using encrypted DNS traffic that can slip past traditional monitoring.

Purchase order attachment isn’t a PDF. It’s phishing for your password

March 2, 2026

A fake purchase order attachment turned out to be a phishing page designed to harvest your login details.

week in security

A week in security (February 23 – March 1)

March 2, 2026

A list of topics we covered in the week of February 23 to March 1 of 2026

Gemini AI logo

Public Google API keys can be used to expose Gemini AI data

February 27, 2026

Researchers found that Google API keys long treated as harmless can now unlock access to Gemini.

Google logo with a rat

Inside a fake Google security check that becomes a browser RAT

February 27, 2026

Disguised as a security check, this fake Google alert uses browser permissions to harvest contacts, location data, and more.

Fake Zoom and Google Meet scams install Teramind: A technical deep dive

February 26, 2026

Attackers don’t always need custom malware. Sometimes they just need a trusted brand and a legitimate tool.

APT choosing attack vectors

How to understand and avoid Advanced Persistent Threats

February 26, 2026

APT stands for Advanced Persistent Threat. But what does that actually mean, and how does it translate into the kind of threat you’re facing?

Conduent and major clients logos

The Conduent breach; from 10 million to 25 million (and counting)

February 26, 2026

A third-party breach at Conduent now affects 25 million Americans—many never knew their data flowed through its systems.

Instagram logo

Instagram flagged explicit messages to minors in 2018. Image-blurring arrived six years later

February 26, 2026

Unsealed court records reveal Instagram executives discussed explicit messages to teens years before a blur feature was introduced.