Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the ...

Weedhack malware targets Minecraft players via YouTube and SEO poisoning since Jan 2026, enabling credential theft and remote ...

Fake Claude Code installer malware used Google Ads to place spoofed AI tool pages above real documentation since March 2026.

SVG phishing email attacks are bypassing enterprise email security gateways by hiding JavaScript inside image files and ...

This is a high-performance fork of caxa maintained by AppThreat. Version 3.0 introduces portable Node bundling and zstd-compressed native payloads on top of the build/runtime improvements from the 2.x ...

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

A legacy Windows scripting utility tied to Internet Explorer is still being used in modern malware campaigns, researchers say.

If 'Java' is not recognized as an internal or external command, operable program, or batch file, you need to take a closer look at the variable paths. Usually, it's the missing Bin directory that ...

Cybercriminals are increasingly relying on social engineering instead of traditional exploits, and Australian authorities are warning that a spreading “ClickFix” campaign is a prime example. The ...