North Korean hackers are targeting open source software developers with a backdoor and an information stealer as part of a ...
Attackers are now exploiting a maximum-severity Adobe ColdFusion vulnerability tracked as CVE-2026-48282, according to ...
Malicious npm packages mimicking Rollup polyfill tooling steal browser data, crypto wallets, and AI tool credentials in a Lazarus-linked campaign.
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
Fake CVE exploit repos pull frint and skytext packages to steal researcher credentials, with servers still live as of July 1.
Researchers have found a never-before-seen piece of macOS malware that combines a series of clever tradecraft to infect Macs ...
Infosecurity spoke with the researcher who dumped over 30 proof-of-concept exploits without disclosing the vulnerabilities ...