Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.
GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
6d
ThreatDown Uncovers First Cyber Attack Abusing Deno JavaScript Runtime for Fileless Malware Delivery
ThreatDown, the corporate business unit of Malwarebytes, today published research documenting what researchers believe to be ...
ClickFix campaigns spread MacSync macOS infostealer via malicious Terminal commands since Nov 2025, targeting AI tool users ...
Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...
ESET researchers document how the Sednit APT group has reemerged with a modern toolkit centered on two paired implants – BeardShell and Covenant.
X-VPN offers a strong free plan, solid privacy protections, and reliable geo-unblocking. However, slower speeds mean it doesn ...
Poorly written emails with spelling mistakes and obvious deception were once a clear marker of phishing attacks. These unrefined and isolated scams ...
GitLab exposes abuse of its platform to trick software developers into downloading malicious payloads and finance companies ...
We found fake “verify you are human” pages on hacked WordPress sites that trick Windows users into installing the Vidar ...
ESET researchers have traced the reactivation of Sednit’s advanced implant team to a 2024 case in Ukraine, where a keylogger ...
XDA Developers on MSN
Google kept featuring this Chrome extension for months after it turned malicious
How can an extension change hands with no oversight?
Some results have been hidden because they may be inaccessible to you
Show inaccessible results