Unknown attackers compromised Injective Labs' GitHub repo to publish npm package 1.20.21, which steals wallet private keys ...
A China-linked threat cluster has been exploiting vulnerable Roundcube servers at U.S. and Canadian universities to steal ...
Kaspersky says the attacks use phishing, GitHub-hosted payloads, CVE-2025-9491 LNK abuse, and Go2Tunnel-based tunneling.