A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

The Microsoft Defender team has discovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessment materials, ...

ShinyHunters allegedly leaked 12.4 million CarGurus records, exposing personal and financing data and raising risks of phishing and data extortion attacks.

Linked to North Korean fake job-recruitment campaigns, the poisoned repositories are aimed at establishing persistent C2 ...

North Korean state-backed hackers associated with the Lazarus threat group are targeting U.S. healthcare organizations in ...

You've probably heard of the dark web, but what's actually on it? These 5 tips can help you explore the dark web using Tails, Tor, and a VPN, assuming you actually want to go see.

Presearch’s “Doppelgänger” is trying to help people discover adult creators rather than use nonconsensual deepfakes.

Attackers used “technical assessment” projects with repeatable naming conventions to blend in cloning and build workflows, retrieving loader scripts from remote infrastructure, and minimizing on-disk ...

Obtanium is a must-have app on my Android phone. Here are the essential Android apps I install and update through it.

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...