Armored Likho BusySnake Stealer, a Python-based infostealer first disclosed by Kaspersky, is actively targeting government ...
Kaspersky says the attacks use phishing, GitHub-hosted payloads, CVE-2025-9491 LNK abuse, and Go2Tunnel-based tunneling.
Jamf says the Rust-based PamStealer targets Apple Silicon Macs, steals browser, wallet, Keychain, and clipboard data, and persists.
Researchers have found a never-before-seen piece of macOS malware that combines a series of clever tradecraft to infect Macs ...
June 19, 2026 update: Microsoft assesses with high confidence that this activity is attributable to Sapphire Sleet, a North Korean state actor that primarily targets the financial sector. The ...
Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware hosted on Hugging Face Spaces. Attacks leveraging the remote code ...
- We identified and analyzed a botnet operation named Lorikazz that targets Android TV set-top boxes for residential proxy monetization (proxyware). The name Lorikazz comes from a comment label in ...
On Monday, the Axios npm supply chain attack came to light where malicious packages had been inserted into one of JavaScript’s most widely used libraries. Three major threat intelligence firms have ...
Two versions of the widely used JavaScript library axios were maliciously published on npm on March 31, 2026. A hijacked maintainer account is behind the attack. The compromised versions silently ...
With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how quickly a compromised package can propagate through the ecosystem. Attackers ...
On 2026-03-31, an unknown threat actor compromised the npm account of jasonsaayman, the primary maintainer of axios. The attacker changed the account email to ifstap@proton[.]me and manually published ...
All payloads use api: "every" meaning they are available to every customer, not restricted by API key. The earliest payload dates to November 2024, proving the operation has been actively maintained ...