Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...

Tycoon2FA has returned with new device-code phishing attacks targeting Microsoft 365 users through legitimate OAuth login flows.

Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...

Copycat hackers are competing to win $1,000 for the largest supply chain attack using Shai-Hulud, an open-sourced worm that has brought down a few major open-source projects. Malicious NPM packages ...

A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages ...

The Shai-Hulud malware leaked last week is now used in new attacks on the Node Package Manager (npm) index, as infected ...

Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...

A fake repo impersonating the OpenAI Privacy Filter model racked up 244,000 downloads in under 18 hours before Hugging Face ...

After some The Time of Ninja codes? This premium Roblox game recently entered a paid beta period, with players getting a chance to enjoy the anime-inspired action for the first time. If you’re one of ...

May 14, 2026: We have three new Basketball Legends codes to redeem this month. We also added the new way to redeem them. What are the newest Basketball Legends codes? We've assembled a full list of ...

Shakes and Fidget is a fantasy role-playing game where you can create your comic hero and claim the top spot in the Hall of Fame. Before you start your journey to become a legend, you can check out ...