JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
On June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) facilitated the takedown, suspension, and blocking of domains that ...
A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
A malicious npm package has been caught impersonating one of the JavaScript ecosystem's most widely used build tools. The ...
Microsoft links the recent Mastra AI npm supply chain attack to , a North Korean group known for cryptocurrency theft ...
Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff. This attribution ...
Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...
Cybercriminals are moving beyond email scams and into social media feeds, using tutorial-style videos on TikTok and Instagram to spread malware and steal credentials ...
Cybersecurity consultant Sergey Chubarov used a session on defending against intelligent threats to outline how AI is changing attack speed, scale and believability, with the most actionable guidance ...
Microsoft released security fixes for more than 200 vulnerabilities on June 9, 2026 — the largest single Patch Tuesday in the program's history since its founding in 2003 — while a security researcher ...