A new cross-platform malware named “ModStealer” actively targets crypto wallets while remaining undetected by major antivirus ...

苹果设备管理与安全公司Mosyle近日披露了一款名为“ModStealer”的跨平台恶意软件，其自一个月前现身VirusTotal平台以来，成功避开了所有主流杀毒引擎的检测。这款恶意软件不仅对macOS系统构成威胁，还能在Windows和Linux环境下运行，展现出极强的跨平台攻击能力。

Security firm Mosyle has disclosed ModStealer, a cross-platform malware that evades antivirus software and targets browser ...

近日，安全研究机构Mosyle发布报告，披露了一种名为“ModStealer”的新型跨平台信息窃取型恶意软件。该恶意软件自首次出现在VirusTotal平台至今已近一个月，但仍未被主流杀毒引擎识别。ModStealer具备在macOS、Windo ...

Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...

An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account ...

9 月 8 日，Node.js 生态链遭遇前所未有的冲击。资深 npm 维护者 Qix（Josh Junon） 因一封钓鱼邮件泄露了账户，攻击者趁机在多个热门包里植入了恶意代码。这次事件迅速引爆社区，成为开源史上下载量最大的供应链攻击之一。

Billions (No, that's not a typo, Billions with a capital B) of files were potentially compromised. If you thought Node Package Manager (npm), the Billions of downloads were potentially compromised ...

JavaScript is a sprawling and ever-changing behemoth, and may be the single-most connective piece of web technology. From AI ...

JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.

The credential stealer harvested username, password, and 2FA codes before sending them to a remote host. With full access, ...