IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...

Ukraine hit a major Moscow oil refinery for a second time in a week and disrupted commercial flights at Moscow airports in one of its biggest drone attacks since Russia’s ...

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...

Three popular plugins served malicious JavaScript through a compromised CDN.

RSA today announced new RSA Help Desk Live Verify capabilities that stop social engineering attacks by extending coverage for users without a registered authenticator. Announced at Identiverse 2026, ...

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.

July 2026, blocking install scripts, Git dependencies, and remote URL sources by default. Every team running npm install in ...

Treasury and fraud specialists Scott Edwards, Director of Fraud Risk Management, and Todd Martin, SVP, Treasury Management ...

Xiaomi released MiMo Code V0.1.0 on June 10, 2026 — a terminal-native coding agent built on a fork of the open-source OpenCode project, bundled with free access to Xiaomi's own 1-trillion-parameter ...

Most of these bases were home to Russian strategic heavy bombers—aircraft capable of carrying nuclear weapons. Using Russia’s mobile phone network, Ukrainian operatives remotely launched the drones, ...

Chrome's WebMCP guidance warns that AI agents can be manipulated through the tools they are built to trust.