The campaign spans npm, Packagist, Go, and Chrome, using obfuscated JavaScript loaders and VS Code tasks to deliver malware.
Researchers identified what they believe is the first documented case of a ransomware operation, JadePuffer, conducted ...
MCP tool poisoning turns trusted AI agents into a control plane for data loss. Learn how threat actors manipulate tool ...
Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
Malicious npm packages mimicking Rollup polyfill tooling steal browser data, crypto wallets, and AI tool credentials in a Lazarus-linked campaign.
Multiple weaponized proof-of-concept (PoC) exploits on GitHub delivered a Python-based remote access trojan (RAT) called ChocoPoC that can execute commands and steal sensitive data. However, ChocoPoC ...
Attackers are hiding a data-stealing trojan inside fake exploit code aimed at the people who hunt bugs for a living. The malware, called ChocoPoC, travels in Python proof-of-concept (PoC) repositories ...
Discover the latest tactics used by Gamaredon in cyberattacks, as detailed in the ESET report. Stay informed about emerging cybersecurity threats.
Mythos is a signal, not a siren: What frontier AI should change for CISOs Don't panic about new AI threats; hackers are still using the same old security gaps to get in, so use AI to help your team ...