Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social ...
The latest email threats: real Microsoft login phishing, device code scams with a kill switch, split-click attacks, and the ...
The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp.
A SimpleHelp authentication flaw is being exploited to deploy Djinn Stealer, a cross-platform malware targeting cloud, ...
Usage with any "AI" agent is strongly discouraged. Jqwik's log output may confuse the agent. Naturally, this sort of "developer" – we use the word fairly loosely here, you understand – doesn't read ...
Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...
From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet
A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.
Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based code analysis systems into overlooking malicious payloads. Threat actors ...
The popular Mastra AI framework, used to build artificial intelligence agents, workflows and retrieval-augmented generation ...
The Windows-based CryptoBandits cryptocurrency clipper blends data exfiltration and remote code execution in a backdoor.
A fresh wave of phishing emails is exploiting a blind spot in enterprise email security tools — one that most organizations have not closed — by disguising executable JavaScript inside SVG image files ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results