DPRK-linked actors use GitHub C2 and LNK phishing in South Korea, enabling persistent PowerShell control and data ...

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes ...

A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler.

Instead of the usual phishing email or fake download page, attackers are using Google Forms to kick off the infection chain. The attack typically begins when a victim downloads a business-themed ZIP ...

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

North Korean hackers used an updated version of a known backdoor to target a popular npm package.

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

New AI-powered scanner -- who-touched-my-packages -- detects zero-day malicious packages and credential exfiltration in seconds BOSTON, March 26, 2026 /PRNewswire/ -- Point Wild, a leading global ...

Would you like a closer look at Claude? Someone at Anthropic has some explaining to do, as the official npm package for ...

Infosecurity outlines key recommendations for CISOs and security teams to implement safeguards for AI-assisted coding ...

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

An incident of LinkedIn malware means jobseekers and employers need to take more care with their applications and ...