SMB

In November 2025, the npm ecosystem was hit by a flood of junk packages that were part of the IndonesianFoods malicious campaign. We’re breaking down the lessons learned from this incident.

Threat actors are promoting pages containing malicious instructions for installing AI agents intended for workflow automation.

The latest update to Kaspersky Cloud Workload Security adds support for an AI assistant for image analysis.

An in-depth analysis of CVE-2026-3102, a vulnerability posing a potential threat to anyone processing images on a Mac.

Various cases of the ClickFix technique used in real world attacks.

Attackers are delivering phishing links via Google Tasks notifications.

What is the year 2038 problem — also known as “Unix Y2K” — and how to prepare corporate IT systems for it?

Crooks are impersonating your brand to attack customers, partners, and employees. How do you spot — and stop — an attack of the clones?

Who can you trust in the cybersecurity solutions market? Fourteen major vendors were compared in terms of transparency, security management, and data-handling practices – and guess which was a leader across the board?!…

Millions of websites based on React and Next.js contain an easy-to-exploit vulnerability that can lead to complete server takeover. How to check if your server is vulnerable, and protect corporate web assets?

Here’s how to mitigate the risks of targeted attacks on your organization’s mail servers.

Systematic measures and tools that organizations can use to defend against malicious browser extensions.

We examine how popular Canon printers could become a foothold for attackers within an organization’s network.

Malicious actors have started utilizing a new variation of the ClickFix technique — named “FileFix”. We explain how it works, and how to defend your company against it.

The differences between an MXDR service for a large enterprise, and one that would fit perfectly into the security framework of a growing SMB.

Two campaigns by the BlueNoroff APT group target developers and executives in the crypto industry.

The optical sensors in computer mice can be used for eavesdropping. We break down why this is fascinating — but still a long way from real-world practicality.

Attackers are abusing legitimate websites to host hidden SEO links. We break down their tactics, and what you can do about it.

Two separate research papers vividly demonstrate how virtual systems can be compromised in a hostile environment — specifically, when the data owner can’t even trust the cloud provider.

How AI-generated code is changing cybersecurity — and what developers and “vibe coders” should expect.

Attackers pretending to be airlines or airports are sending out fake partnership offers.