A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

The comments on some Steam Profiles are actually loaded with invisible malware.

SVG phishing email attacks are bypassing enterprise email security gateways by hiding JavaScript inside image files and ...

Your browser is more than just another app—it's your gateway to the web. We break down the strengths and weaknesses of today's top browsers to help you find the best fit for your needs.

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...

Bumblebee from Perplexity scans developer machines for compromised packages and AI tool configs, without triggering malware.

Lazarus Group has deployed RemotePE, a fully memory-resident trojan that is extremely hard for traditional antivirus and ...

A legacy Windows scripting utility tied to Internet Explorer is still being used in modern malware campaigns, researchers say.

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems. One malicious ...

A "coordinated developer-targeting campaign" is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and establish ...

The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that's designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 ...

Cybercriminals use ErrTraffic tool to automate malware distribution through fake browser error messages, with attacks ...