Microsoft reports an active cyber campaign targeting hotels in Europe and Asia using fake photo ZIPs, PowerShell malware, and Node.js implants with evolving evasion tactics. magnific.com Microsoft ...

Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in ...

The Bluekit phishing-as-a-service platform continues to evolve with nearly 70 new hostnames identified over the past week and ...

Researchers detail REF8372, a malvertising campaign using fake Node.js ads, Storj-hosted payloads, and OXLOADER to deploy ...

Microsoft Threat Intelligence is warning Windows users about a cryptocurrency clipper strain of malware transmitted via USB drives. The malware, which has been affecting users since February, steals ...

IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.

Three poisoned versions of node-ipc went live on the npm registry on May 14, according to SlowMist. Attackers hijacked a dormant maintainer account and pushed code designed to siphon developer ...

- Obfuscated JavaScript creates a WebSocket backdoor using dynamically executed JavaScript. - The WebSocket sends an obfuscated JavaScript payload to inject a credit card skimmer into the webpage. - ...

Neighbors of Port Washington's $15 billion AI data center and advocacy groups are voicing public health and environmental concerns about plans for backup diesel generators at the site under review by ...

Two phishing campaigns, each using a different stealthy infection technique, are targeting organizations in attacks which aim to deliver data stealing malware to devices running on Microsoft Windows.