The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...

Hulud, which has already compromised several open source projects and, in turn, developers and companies that use them.

Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...

TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...

Active Microsoft Exchange zero-day leaves organisations exposed By Nicola Mawson, Contributing journalistJohannesburg, 19 May 2026An exploit in on-premises Microsoft Exchange servers has already been ...

A new infostealer variant targets macOS users by spoofing Apple, Microsoft, and Google and then then gets to work searching ...

Tracking hate speech online is challenging even when terms are explicit. Coded speech is harder to detect – but pairing AI ...

Tycoon2FA has returned with new device-code phishing attacks targeting Microsoft 365 users through legitimate OAuth login flows.

Copycat hackers are competing to win $1,000 for the largest supply chain attack using Shai-Hulud, an open-sourced worm that has brought down a few major open-source projects. Malicious NPM packages ...

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...

When OpenAI engineers discovered that a poisoned update to a widely used JavaScript library had executed on two corporate ...

Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...