Microsoft says hotel phishing emails are using Calendly links and photo ZIP files to drop the TonRAT Node.js implant on front ...
The next major release of Deno, a JavaScript/TypeScript runtime, will include new commands to build cross-platform desktop ...
You can minimize the degree to which your browser spies on you, but potential hackers can use your own SSD against you and ...
Researchers have found a never-before-seen piece of macOS malware that combines a series of clever tradecraft to infect Macs ...
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
Secure document editing in your own app. ONLYOFFICE Docs Developer equips web applications with secure, latency-free document ...
Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...
Hackers are exploiting a recently disclosed critical vulnerability (CVE-2026-48558) in SimpleHelp to deploy Djinn Stealer, a previously undocumented cross-platform information stealer targeting ...
Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp.
Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud supply-chain attack that delivered malware designed to steal developer secrets.
In a supply chain attack, attackers install backdoors through the WordPress plugins OptinMonster, TrustPulse, and PushEngage.