Oh dear.

Late yesterday I received a strange text from "PayPal" informing me that a payment for $999.99 had just been declined. It looks like we might have a new scam on our hands.

We all fall victim to the dangerous belief that if an app or extension is listed in an official repository - be it the App Store, Google Play, the Microsoft Store, Mozilla's Add-Ons directory or so on - it must be legitimate. After all, the big tech companies surely use a lot of automated systems (and real human beings) to ensure that their customers aren't downloading harmful things. Right?

We talk a lot about software designed to attack our smartphones and computers, but it turns out your router might also be at risk. That's right. Some dangerous new malware is going after the box you use to beam internet around your home or office.

A new botnet, boasting an army of 500,000 remotely-controlled routers in 54 countries, has been discovered. VPNFilter allows attackers to steal credentials, monitor Modbus SCADA protocols and has a destructive capability that can render an infected device unusable. It can be triggered on a single device or as part of a mass attack.

Here we go again. Radware's threat research group recently announced that more than 40,000 Facebook users were duped into downloading a "Relieve Stress Paint" application, via a crafty phishing email, that stole their login credentials and browser cookies while they pretend-painted in the app. Worse, the attack was clever enough to avoid being flagged by a typical antivirus app.

So, how can you keep your data safe in these instances? Let's review.

It's been a long time since Apple could claim its computers were really virus-free. Even mighty Mac owners have to keep an eye out for the latest vulnerabilities and malware, just like everyone else, and there's some new malicious Mac software making the rounds that you should know about.

It's been a year since WannaCry caused massive disruption to companies all over the world. The highly virulent ransomware, which was able to exploit an NSA-created tool called EternalBlue, was able to deliver its payload by using a flaw in the SMB 1 protocol. A year later, ESET has found EternalBlue is still a substantial threat.

Minecraft fans, beware of what you install. Anti-virus makers Avast have announced that over the last 30 days, they have identified malware that has infected almost 50,000 Minecraft players, malware designed to "reformat hard-drives and delete backup data and system programs,".

Nobody likes an operating system that's full of unnecessary stray files, 20 annoying apps that start up when you fire up your computer, and other crap that slows down your system, makes your desktop feel disorganized, or gives you a headache whenever you're trying to work (or game). Thankfully, there are a number of free apps that can help you clean your Windows PC.

The disclosure of the Meltdown and Spectre computer vulnerabilities on January 2, 2018 was in many ways unprecedented. It shocked – and scared – even the experts. The vulnerabilities bypass traditional security measures in the computer and affect billions of devices, from mobile phones to massive cloud servers.

We have, unfortunately, grown used to attacks on computer systems that exploit the inevitable flaws resulting from vast conceptual complexity. Our computer systems are the most complex artefacts humans have ever built, and the growth of complexity has far outstripped our ability to manage it.

Most internet users wouldn't want to share their browsing history with the rest of the world. (It's one of the reasons incognito mode is so popular.) This is especially true of people who look at questionable online material. So what would you be willing to pay if someone had a secret recording of you watching porn, taken on your webcam?

Security researchers revealed disastrous flaws in processors manufactured by Intel and other companies this week. The vulnerabilities, which were discovered by Google's Project Zero and nicknamed Meltdown and Spectre, can cause data to leak from kernel memory -- which is really not ideal since the kernel is central to operating systems and handles a bunch of sensitive processes.

There have been plenty of stories recently about websites, often connected to content piracy and other dodgy activities, running background software that harnesses your computer's resources to mine cryptocurrency wile you're on their site. But, once you close the browser window, the CPU thieves lost access to your processor and associated resources. Malwarebytes has found that some have resorted to a clever trick to keep mining for cryptocurrency even when you've closed the offending browser window.

Evernote has a bit of a malware problem. For the past few years (starting in early 2014) spammers have been sending fake emails that claim to come from the note-organising service but include links to install malicious software on your computer.

Threat actors, Group 74, have targeted people attending the Cyber Conflict US Conference being held in Washington next month. They have distributed a flyer that delivers a VBA payload. Cleverly, the bad guys copied the text from the real flyer from the conference website and used that to craft their attack. While this isn't a new technique it's interesting that they are specifically focussing on security experts, presumably as a way of boosting their credibility in the hacker community.

Although Adobe has made the decision to send Flash out to pasture, the application most of us love to hate isn't letting its reputation for being the malware vector of choice fade away. A new zero day, dubbed BlackOasis, has popped up according to researchers from Kaspersky Labs.

Some computer security myths and stories that keep getting passed around, even though they're clearly not true. We sat down with computer security experts to separate fact from fiction.

Most security reports are pretty dull. They tell the same story. The bad guys can get into almost any system, spend weeks or months there, exfitrate data and generally run amok. They use social engineering attacks or exploit vulnerabilities to find their way into networks. But the Carbon Black report, released today focusses on something else - the malware marketplace.