Kaspersky says the attacks use phishing, GitHub-hosted payloads, CVE-2025-9491 LNK abuse, and Go2Tunnel-based tunneling.
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
Malicious npm packages mimicking Rollup polyfill tooling steal browser data, crypto wallets, and AI tool credentials in a Lazarus-linked campaign.
An anonymous researcher has dumped what they say is working exploit code for zero-day vulnerabilities across 15 software ...
Hackers created a fake trading bot for Polymarket’s prediction markets on GitHub. The bot was used to spread malware that ...
Your password manager can protect so much more than you realize.
Z.ai has launched ZCode, a free AI coding tool powered by GLM-5.2 that challenges Cursor, Claude Code and GitHub Copilot ...
Buffer overflow vulnerabilities have driven remote code execution for decades and keep appearing in critical network ...
A SimpleHelp authentication flaw is being exploited to deploy Djinn Stealer, a cross-platform malware targeting cloud, ...
A LayerX security study found that six AI browser agents could be tricked into exposing credentials from logged-in accounts, highlighting how prompt injection remains one of the biggest risks facing ...
Decades-old Bash shell tricks can bypass safeguards in most open source AI coding agents, creating a new software supply ...
Infosecurity spoke with the researcher who dumped over 30 proof-of-concept exploits without disclosing the vulnerabilities ...