A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...

ClickFix attacks are delivering BabaDeda, Lorem Ipsum, and Potemkin loaders to deploy stealers, RATs, and ransomware-linked ...

Spread the love“`html Visual Studio Code (VS Code) has rapidly become one of the most popular code editors among developers worldwide. Its flexibility, ease of use, and robust features make it a go-to ...

ReactOS open source Windows clone ran Half-Life in-game for the first time in 30 years of development. A March 2026 GPU ...

A variant of the PureLogs infostealer malware has been distributed through purchase-order-themed phishing emails that use a malicious JavaScript file to launch a multi-stage infection chain on Windows ...

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

Lazarus Group has deployed RemotePE, a fully memory-resident trojan that is extremely hard for traditional antivirus and forensic tools to detect.

An unpatched SQL injection vulnerability in the Ghost content management system has been weaponized in an active, large-scale cyberattack that has compromised more than 700 websites worldwide — ...

Two phishing campaigns, each using a different stealthy infection technique, are targeting organizations in attacks which aim to deliver data stealing malware to devices running on Microsoft Windows.

A widely used JavaScript package used with over a hundred million weekly downloads has been compromised in a new supply chain attack to fetch a malware payload for Windows, Linux systems and macOS ...

On 2026-03-31, an unknown threat actor compromised the npm account of jasonsaayman, the primary maintainer of axios. The attacker changed the account email to ifstap@proton[.]me and manually published ...