Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...

For developers working with ChatGPT’s new developer mode, this means the connectors they create may not just serve one-off integrations — they could be building into a broader ecosystem standard. MCP ...

SwissBorg $41M hack, hidden malicious npm code, sanctions on Southeast Asian networks, California launderer's sentencing, ...

New Shamos malware targets Mac users with fake fixes, stealing passwords, crypto, and personal data. Here’s how to stay safe.

Jamf Threat Labs has released a new report on Mac malware. Dubbed ChillyHell, the malware was first discovered in 2021 and ...

Bad actors are using GitHub's repository structure and paid Google Ads placements to trick EU IT users into downloading a unique malware dubbed "GPUGate" that includes new hardware-specific evasion ...

With the ttyd command line tool, you can transform your terminal into a live, interactive web app that anyone can access with a link.

Most Android devices default to the Google Play Store for downloading and installing apps, but it's far from the only place ...

Qubic attempted a 51% attack on Monero while training its AI model AIGarth. It's now posting on social media—and the public ...

ReversingLabs researcher Lucija Valentić discovered malicious packages on the Node Package Manager (npm) open source ...

“Hook v3 blurs the line between banking trojans, spyware, and ransomware,” said Nico Chiaraviglio, Chief Scientist at Zimperium. “Its rapid evolution and wide-scale distribution elevate the threat to ...

Ethereum smart contracts are being used to download malware via poisoned NPM packages, something Binance has linked to DPRK ...