The Bluekit phishing-as-a-service platform continues to evolve with nearly 70 new hostnames identified over the past week and ...
A SimpleHelp authentication flaw is being exploited to deploy Djinn Stealer, a cross-platform malware targeting cloud, ...
Security tooling is not written in a single language. Python powers most automation. C sits at the exploit layer. PowerShell ...
Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...
Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff. This attribution ...
Follow ZDNET: Add us as a preferred source on Google. Red Hat was the victim of an npm security breach. The company has removed the affected packages. Check whether you use @redhat-cloud-services npm ...
Kaspersky reports ToddyCat’s Umbrij abuses headless Chromium and OAuth flows to extract Gmail authorization codes, enabling ...
The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp.
A recently discovered Remote Access Trojan in the widely used Axios library puts millions of JavaScript developers at risk.
JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
Decades-old Bash shell tricks can bypass safeguards in most open source AI coding agents, creating a new software supply ...
A threat actor has been exploiting CVE-2026-48558, a critical SimpleHelp vulnerability, to drop TaskWeaver and Djinn Stealer ...