Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
Malicious npm packages mimicking Rollup polyfill tooling steal browser data, crypto wallets, and AI tool credentials in a Lazarus-linked campaign.
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
Most of the Windows apps you use are in the Store or the WinGet repository. UniGetUI is a free, open-source app that's easy to use. It's also a great way to back up and transfer a collection of apps.
Hugging Face, an open source store for AI models and components, is open to an attack via the "tokenizer" layer that AI models use to make their outputs human readable. A cyberattacker could use the ...
Tesla has filed an S-8 registration statement with the SEC to register 303,960,630 shares of common stock for CEO Elon Musk under his 2018 pay package. At today’s share price of ~$376, those shares ...
JavaScript and Node.js teams do not lack security tools. What they still lack is a dependency security workflow that developers will actually use before release. That is the real gap. A package gets ...
SpaceX, the technology conglomerate founded by Elon Musk, reportedly filed disclosures confidentially with the U.S. Securities and Exchange Commission ahead of an initial public offering. SpaceX could ...