Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
Mozilla researchers revealed a new attack that tricks Claude Code into running hidden commands from seemingly harmless GitHub ...
An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
The $149 Dune keyboard can be a meeting controller at least and a script-executing keypad at best.
Mozilla’s 0din team showed how a Claude Code malware GitHub repo attack could use a clean-looking repository to open a ...
Opera has introduced a new safety feature that protects against malicious 'ClickFix' clipboard attacks.
Researchers have found a never-before-seen piece of macOS malware that combines a series of clever tradecraft to infect Macs ...
Researchers say the highly effective social engineering technique is no longer the exception for malware attacks — it's now the rule.
Maccy users are being warned about fake sites after researchers found malware using the app’s name to steal Mac login passwords.
Sysdig says JADEPUFFER used CVE-2025-3248 in Langflow to automate intrusion, credential theft, encryption, and data wipe.
If you tend to copy/paste content from websites, you might be surprised to find yourself under the thrall of a ClickFix ...