A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...

Microsoft has had a VS Code extension for a long time, and it finally came back to bite them.

A threat actor compromised an Nx developer and posed as a legitimate maintainer to publish a malicious extension on Visual ...

The Shai-Hulud malware leaked last week is now used in new attacks on the Node Package Manager (npm) index, as infected ...

Abstract: The increasing reliance on Field Programmable Gate Arrays (FPGAs) in security-critical applications underscores the need for robust protection mechanisms against cyber threats such as buffer ...

Tycoon2FA has returned with new device-code phishing attacks targeting Microsoft 365 users through legitimate OAuth login ...

The release of Shai-Hulud source code spells trouble for software developers as researchers worry the self-replicating worm ...

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...

Google reported the first confirmed AI-assisted zero-day exploit, raising new concerns about logic flaws, supply chain risk, and containment.

A fake Claude code installer can successfully exfiltrate decrypted cookies, passwords and payment methods from Chromium browsers. Here's how.

The arrival of Minecraft 26.1 in March 2026 brought major changes to the modding landscape, including the removal of obfuscation and new API standards that demand a fresh approach to modpack building.