New Venom Stealer MaaS Platform Automates Continuous Data Theft
Venom Stealer malware-as-a-service automates ClickFix social engineering, credential and crypto exfiltration - Read more
CVE-2025-68822 Input: alps – fix use-after-free bugs caused by dev3_register_work
Information published. - Read more
SUCCESS – 253,510 breached accounts
In March 2026, the personal development and achievement media brand SUCCESS suffered a data breach. The incident exposed 250k unique email addresses along with...
A laughing RAT: CrystalX combines spyware, stealer, and prankware features
Introduction
In March 2026, we discovered an active campaign promoting previously unknown malware in private Telegram chats. The Trojan was offered as a MaaS (malware‑as‑a‑service) with...
The Shift: An Era of Quantum Geopolitics
The expanding conflict around Iran signals a deeper shift. We have entered an era of quantum geopolitics, where the old rules of the...
Industrialization of the Fraud Ecosystem Blog
Payment fraud no longer operates as a collection of discrete schemes run by individual threat actors. It is increasingly sustained by an industrial...
Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack
Attackers compromised the npm account of the lead maintainer of Axios, a widely used JavaScript HTTP client library, and used...
New compliance guide available: ISO/IEC 27001:2022 on AWS
We’re excited to announce the release of our latest compliance guide, ISO/IEC 27001:2022 on AWS, which provides practical guidance for organizations designing...
Latest article
Great responsibility, without great power
Welcome to this week’s edition of the Threat Source newsletter. As I’m writing this, today (April 28) is International Superhero Day. If you don’t know the origin story behind...
Imperva Customers Protected Against CVE-2026-41940 in cPanel & WHM
What is CVE-2026-41940?
CVE-2026-41940 is a critical authentication bypass vulnerability affecting cPanel & WHM, including DNSOnly, in versions after 11.40. The flaw, discovered by WatchTowr...
Microsoft Windows 11 April 2026 Security Update Breaks Third-Party Backup Applications
Microsoft’s April 2026 cumulative security update for Windows 11 is causing significant disruptions for users relying on third-party backup software, triggering an MS-DEFCON level...
Almost half of UK businesses hit by cyber attacks
The government's annual cyber security report reveals UK businesses are still struggling with the impact of attacks and breaches. - Read more
