Multiple npm supply chain attacks used 50+ poisoned packages to spread IronWorm, a Rust-based stealer, and a Miasma worm ...
Miasma compromised 32 Red Hat packages June 1 via a hijacked CI/CD pipeline producing valid SLSA attestations, then hit 57 more June 3 using Phantom Gyp to evade install monitors. Red Hat confirmed no ...
In fall, hoards of winter ticks latch on to New Hampshire’s moose — sometimes upward of 50,000 per adult animal.
A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.
Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...
VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.
For more than 25 years, Fortinet has proven that long-term technological leadership is inseparable from fiscal resilience.
SVG phishing email attacks are bypassing enterprise email security gateways by hiding JavaScript inside image files and ...
A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and ...
Developer platform Socket says a malware called TrapDoor is targeting crypto and AI developers across npm, PyPI and Crates, aiming to steal crypto wallet info and browser data.
A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...
Educational recreation of the WaterPlum/StoatWaffle VSCode supply chain attack. Full two-machine lab with C2 server, bootstrap downloader, RAT module, browser credential discovery, and file ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results