Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

ThreatDown, the corporate business unit of Malwarebytes, today published research documenting what researchers believe to be ...

The Russian state-sponsored APT28 threat group is using a custom variant of the open-source Covenant post-exploitation ...

GitLab exposes abuse of its platform to trick software developers into downloading malicious payloads and finance companies ...

GhostClaw poses as an OpenClaw installer package, stealing system credentials and sensitive data before deploying a persistent RAT.

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...

New ClickFix variant maps WebDAV drive to run trojanized WorkFlowy app, enabling stealth C2 beacon and payload delivery.

If you're going to venture out on the dark web, you need to be informed.

This week, Russian hackers targeted Signal and WhatsApp users, permit-fee phishing hit U.S. applicants, ClickFix on WordPress ...

Claude AI discovered 22 Firefox vulnerabilities in two weeks, including 14 high severity flaws, showing how AI speeds up security research.

Anthropic’s Claude Opus 4.6 AI found 22 Firefox vulnerabilities, including 14 high severity, helping Mozilla patch flaws in Firefox 148.

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...