Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

This story was originally published by Mountain State Spotlight. Get stories like this delivered to your email inbox once a week; sign up for the free newsletter at mountainstatespotlight.org/newslett ...

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...

New ClickFix variant maps WebDAV drive to run trojanized WorkFlowy app, enabling stealth C2 beacon and payload delivery.

House lawmakers were digging into Jeffrey Epstein’s sprawling financial portfolio Wednesday as a committee deposed his former ...

A new malware strain dubbed Slopoly, likely created using generative AI tools, allowed a threat actor to remain on a compromised server for more than a week and steal data in an Interlock ransomware ...

Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This ...

Unlike traditional malware that requires a user to click a suspicious link or file, a newer generation of malicious software can install itself onto devices without direct user interaction.

Powered by the TypesScript-native runtime Bun, Electrobun improves Electron with a smaller application footprint and built-in ...

Malicious npm package '@openclaw-ai/openclawai' downloaded 178 times installs GhostLoader RAT, stealing credentials and crypto wallets.

Webpack's 2026 roadmap, led by Even Stensberg, unveils substantial enhancements aimed at modernizing the bundler. Key ...