A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Red Hat hit by npm supply‑chain attack - here's how to stay safe ...
A SimpleHelp authentication flaw is being exploited to deploy Djinn Stealer, a cross-platform malware targeting cloud, ...
The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp.
Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social ...
A vulnerability chain dubbed AutoJack in Microsoft's AutoGen Studio interface for prototyping AI agents could let attackers ...
Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...
The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. Miasma appears to be an evolution ...
StegoAd Microsoft Edge extensions malware affected up to 2.6 million users after the company removed 119 add-ons that hid ...
Security tooling is not written in a single language. Python powers most automation. C sits at the exploit layer. PowerShell ...
Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...