ThreatDown, the corporate business unit of Malwarebytes, today published research documenting what researchers believe to be ...

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.

Polyfill supply chain attack that hit more than 100,000 websites has now been linked to North Korean threat actors.

The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis.

The nonprofit that oversees Wikipedia briefly enforced a 'read-only' mode on Thursday morning as users spotted code designed ...

Thousands of iPhones were compromised using the Coruna exploit kit, which chained 23 iOS vulnerabilities into advanced attacks used for espionage and cybercrime.

Google report: AI is accelerating cloud cyberattacks, and one weak link stands out ...

UNC6426 used stolen GitHub tokens from the 2025 nx npm breach to gain AWS admin access in under 72 hours, enabling data theft and cloud destruction.

Hackers have a new tool called ClickFix. The new attack vector combines fake human-verification prompts with malware, trying to trick users into running Terminal commands that bypass macOS security.

Updates for devices as far back as iPhone 6s and iPod Touch 7th generation fix vulnerabilities associated with the Coruna ...

Merchants must prioritize total browser-side visibility and ensure client-side security across all web pages, not just the ...