The campaign spans npm, Packagist, Go, and Chrome, using obfuscated JavaScript loaders and VS Code tasks to deliver malware.
Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
Armored Likho BusySnake Stealer, a Python-based infostealer first disclosed by Kaspersky, is actively targeting government ...
Kerala Police warn businesses of a WhatsApp scam where fraudsters use hacked accounts, sending malicious files disguised as ...
CERT-In has issued a warning about a significant malware campaign targeting WhatsApp Web and Desktop users. Cybercriminals ...
PureLogs Stealer uses fake PDF JavaScript files and Google's Blogger pages in the VEIL#DROP campaign, enabling fileless ...
India’s cybersecurity watchdog, CERT-In, has warned WhatsApp Web and Desktop users about a malware campaign that can compromise accounts and infect laptops or mobile devices. The malware spreads ...
Kaspersky says the attacks use phishing, GitHub-hosted payloads, CVE-2025-9491 LNK abuse, and Go2Tunnel-based tunneling.
Turns out Windows already gives you all the tools you need to block distracting apps and websites—you just have to put them ...
Push Security, the most powerful AI-native security tool in the browser, today announced browser-native capabilities that directly address the use cases organizations have traditionally used secure ...
A fileless malware framework has been abusing Google's Blogspot platform to deliver the PureLog Stealer entirely in memory, letting attackers steal credentials while leaving few traces on disk.
Mozilla researchers revealed a new attack that tricks Claude Code into running hidden commands from seemingly harmless GitHub ...