A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

The Arkanix Stealer malware can collect and exfiltrate system information, browser data, VPN information, and arbitrary files ...

Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a dormant wipe mechanism.

A North Korean attack group is running a scam operation called the Graphalgo, wherein they use fake job schemes to deliver malware.

Attackers recently leveraged LLMs to exploit a React2Shell vulnerability and opened the door to low-skill operators and calling traditional indicators into question.

Microsoft details a new ClickFix variant abusing DNS nslookup commands to stage malware, enabling stealthy payload delivery and RAT deployment.

Has AI coding reached a tipping point? That seems to be the case for Spotify at least, which shared this week during its fourth-quarter earnings call that the best developers at the company “have not ...

Darktrace researchers say hackers used AI and LLMs to create malware to exploit the React2Shell vulnerability to mine cryptocurrency. It's the latest example of bad actor's using AI to create ...

Microsoft warns that Python-based infostealers are increasingly targeting macOS, harvesting sensitive data and challenging assumptions about Apple's malware immunity..

Threat actors compromised the Open VSX Registry on January 30, 2026, pushing malicious updates to four trusted VS Code extensions with over 22,000 combined downloads. The attack targeted macOS ...

The queries target both commercial and open-source tools. Open-source C2 frameworks (Sliver, Mythic, Havoc, Covenant, etc.) and phishing platforms (GoPhish, Evilginx) are particularly detectable ...

Abstract: Android malware poses a persistent and evolving threat to mobile security, considering its capability to compromise sensitive user data and evade traditional detection methods. While ...