A threat group researchers call "Armored Likho" has gained access to government agencies and electrical power entities in ...
Armored Likho BusySnake Stealer, a Python-based infostealer first disclosed by Kaspersky, is actively targeting government ...
Kaspersky says the attacks use phishing, GitHub-hosted payloads, CVE-2025-9491 LNK abuse, and Go2Tunnel-based tunneling.
The FBI warned that TeamPCP software supply chain attacks targeted developer tools to steal cloud credentials, SSH keys, and ...
Armored Likho, a new APT group using AI-generated malware and the BusySnake Stealer to target government agencies and power ...
Agentic coding tools vulnerable to command execution via DNS records ...
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
A SimpleHelp authentication flaw is being exploited to deploy Djinn Stealer, a cross-platform malware targeting cloud, ...
Cryptopolitan on MSN
Attackers deliver infostealer to Polymarket trading bot users, DeFi devs through npm packages
Hackers created a fake trading bot for Polymarket’s prediction markets on GitHub. The bot was used to spread malware that ...
Malicious npm packages mimicking Rollup polyfill tooling steal browser data, crypto wallets, and AI tool credentials in a Lazarus-linked campaign.
Z.ai has launched ZCode, a free AI coding tool powered by GLM-5.2 that challenges Cursor, Claude Code and GitHub Copilot ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results