Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens ...

A desktop app that lets users stream any movie, TV series, or anime for free and without ads hit the top of GitHub’s global ...

ClickFix relies on tricking users into essentially hacking themselves by running commands that compromise their computers. In ...

Socket raises $60M to expand AI-driven software supply chain security and protect developers from cyber threats worldwide.

Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...

Hundreds of npm packages infected by the self-propagating, credential-stealing worm from TeamPCP are related to the open ...

White House app secretly tracked users every 4 minutes, sending location data to third parties despite promising government ...

A single line of Python code was all it took. Developers who ran import lightning after installing versions 2.6.2 or 2.6.3 of ...

Copycat hackers are competing to win $1,000 for the largest supply chain attack using Shai-Hulud, an open-sourced worm that has brought down a few major open-source projects. Malicious NPM packages ...