A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the ...
A widely active phishing-as-a-service (PhaaS) operation known as FlowerStorm has begun using a browser-based virtual machine to conceal credential theft code, marking what researchers say is an ...
Allen Institute for AI, a prominent Seattle-based nonprofit research organization working on advancing artificial intelligence models and systems, today launched a new open-source AI agent that can ...
When a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it – because the malicious code never actually touches your repo. As ...
ThreatDown’s EDR team discovered a sophisticated, multi-stage attack chain during an active investigation; the first documented case of attackers abusing the Deno runtime as a malware execution ...
A newly discovered third variant of the Shai Hulud malware is raising fresh concerns about the security of the open-source software supply chain, as researchers warn that the latest version shows more ...
Is real-time data all that important? It is not like you are pulling money from an ATM or booking a flight. This whitepaper discusses the importance of actual data and demonstrates how a lack of ...
What security teams need to know about the browser-based attack techniques that are the leading cause of breaches in 2025. “The browser is the new battleground.” “The browser is the new endpoint”.
What looks like a simple "Are you human?" check is now one of the most dangerous tricks on the internet. Fake captchas have evolved into full-blown malware launchpads, thanks to a sneaky new method ...
If this had been a security drill, someone would’ve said it went too far. But it wasn’t a drill—it was real. The access? Everything looked normal. The tools? Easy to find. The detection? Came too late ...
Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. Update, April 15, 2025: This story, originally published April ...