The Polyfill supply chain attack that hit more than 100,000 websites has now been linked to North Korean threat actors.
The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...
Karine Buisset, a French worker for Unicef, among three killed in drone strike on building housing humanitarian workers in the city of Goma ...
New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.
Google's latest threat report warns that third-party tools are now prime targets for attackers - and businesses have only days to prepare defenses.
UNC6426 used stolen GitHub tokens from the 2025 nx npm breach to gain AWS admin access in under 72 hours, enabling data theft and cloud destruction.
Attackers are using fake Claude Code install pages and malicious search ads to spread infostealer malware targeting Windows and macOS systems.
ThreatDown, the corporate business unit of Malwarebytes, today published research documenting what researchers believe to be ...
Hackers have a new tool called ClickFix. The new attack vector combines fake human-verification prompts with malware, trying to trick users into running Terminal commands that bypass macOS security.
Many modern web applications rely on the flawed assumption that backends can blindly trust security-critical headers from upstream reverse proxies. This assumption breaks down because HTTP RFC ...
The cyberattacks blend malvertising with a ClickFix-style technique that highlights risky behavior with AI coding assistants and command-line interfaces.