IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

The tool has already blocked more than 52,000 risky npm packages as supply chain attacks continue to hit software teams.

ClickFix attacks are delivering BabaDeda, Lorem Ipsum, and Potemkin loaders to deploy stealers, RATs, and ransomware-linked ...

The popular Mastra AI framework, used to build artificial intelligence agents, workflows and retrieval-augmented generation ...

July 2026, blocking install scripts, Git dependencies, and remote URL sources by default. Every team running npm install in ...

Read the docs and eat your vegetables. Immutable data cannot be changed once created, leading to much simpler application development, no defensive copying, and enabling advanced memoization and ...

Preview this article 1 min The 3-acre property at Big Bend Industrial Park has housed the company since at least 2001. Women ...

Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the ...

Threat actors are attempting to actively exploit a critical security flaw impacting WP Maps Pro, a WordPress plugin that has had over 15,000 sales on the Envato Market, to create malicious ...

To continue reading this content, please enable JavaScript in your browser settings and refresh this page. Preview this article 1 min The purchase bolsters the real ...

Lazarus Group has deployed RemotePE, a fully memory-resident trojan that is extremely hard for traditional antivirus and forensic tools to detect.