Reports surfaced that the widely used npm package @ctrl/tinycolor had been compromised by Wormable Malware as part of a ...

Cybercriminals use fake troubleshooting websites to trick Mac users into running terminal commands that install Shamos malware through ClickFix tactics.

"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...

A new supply chain attack on npm, the node package manager, has injected the first malware with self-replicating worm ...

AMD have announced the end of AMDVLK, their official open-source Vulkan driver and will instead now be focusing on the much ...

A recently discovered ransomware strain called HybridPetya can bypass the UEFI Secure Boot feature to install a malicious ...

Dozens of npm libraries, including a color library with over 2 million downloads a week, have been replaced with novel ...

Chrome extension spyware disguised as a free VPN service highlights security risks after it captured private browsing data ...

Your weekly strategic brief on the cyber threat landscape. Uncover the deeper patterns behind attacks, from bootkit malware ...

A Chrome VPN extension with 100k installs was caught spying on users. See how to protect your privacy with safer VPN choices.

For developers working with ChatGPT’s new developer mode, this means the connectors they create may not just serve one-off integrations — they could be building into a broader ecosystem standard. MCP ...

It is possible that the attackers behind this attack are the same ones as last time. Their malicious code bears the name of a prominent science fiction monster.