Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency and ...

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. A newly published threat intelligence report by analysts at ...

Newly discovered npm package 'fezbox' employs QR codes to retrieve cookie-stealing malware from the threat actor's server. The package, masquerading as a utility library, leverages this innovative ...

The Python script extract_otp_secrets.py extracts one time password (OTP) secrets from QR codes exported by two-factor authentication (2FA) apps such as "Google Authenticator". The exported QR codes ...

Threat actors are leveraging public GitHub repositories to host malicious payloads and distribute them via Amadey as part of a campaign observed in April 2025. "The MaaS [malware-as-a-service] ...

A few weeks on from Microsoft warning Windows users that PDF attachments are increasingly being used in attacks, there’s another warning and a new lure. While the Windows-maker’s alert for PC users ...

There are many misconceptions about passkeys, both in terms of their usability and the security and privacy benefits they offer compared with current authentication methods. That’s not surprising, ...

A standalone file qr.js is also available. GIF reader is not included in the package (it would take a lot of space). Decoding raw bitmap is still possible. QR code decoding is challenging; it is ...