According to the firm’s latest supply chain security report, there was a 73% increase in detections of malicious open-source packages in 2025. The past year also saw a huge jump in the scope of ...

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...

Experts details PeckBirdy, a JavaScript C2 framework used since 2023 by China-aligned attackers to spread malware via fake ...

A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ...

A new family of Android click-fraud trojans leverages TensorFlow machine learning models to automatically detect and interact ...

As part of the infamous Contagious Interview campaign, North Korean threat actors were seen abusing legitimate Microsoft Visual Studio Code in their attacks.

North Korean hackers target macOS developers with malware hidden in Visual Studio Code task configuration files.

North Korean hackers abuse Visual Studio Code task files in fake job projects to deploy backdoors, spyware, and crypto miners ...

Several security vulnerabilities, some classified as high-risk, have been discovered in the popular JavaScript runtime ...

Chrome extensions are supposed to make your browser more useful, but they've quietly become one of the easiest ways for attackers to spy on what you do online. Security researchers recently uncovered ...

A new campaign dubbed 'GhostPoster' is hiding JavaScript code in the image logo of malicious Firefox extensions with more than 50,000 downloads, to monitor browser activity and plant a backdoor. The ...

Direct navigation — the act of visiting a website by manually typing a domain name in a web browser — has never been riskier: A new study finds the vast majority of “parked” domains — mostly expired ...