Researchers identified what they believe is the first documented case of a ransomware operation, JadePuffer, conducted ...
Threat actors compromised AsyncAPI packages and weaponized trusted CI/CD workflows to distribute malware through npm. This ...
Lambda256, an on-chain (Blockchain network) finance platform supporting financial institutions' virtual asset conversion and operations, said on the 1st that it launched the open beta (Beta) of the on ...
Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import time — not install time — evading npm v12’s script-blocking defaults and ...
a laptop screen with a webpage of the IT Army of Ukraine group of volunteer hackers. The IT Army of Ukraine first set up in the wake of Russia's devastating attack, and has since hugely grown in ...
ESET Research has released its H1 2026 Threat Report with statistics from December 2025 through May 2026.ClickFix – a social engineering ...
The campaign spans npm, Packagist, Go, and Chrome, using obfuscated JavaScript loaders and VS Code tasks to deliver malware.
Cloud security firm Sysdig says it has documented the first ransomware operation carried out entirely by an autonomous AI ...
DETROIT, MI / ACCESS Newswire / July 12, 2026 / With over two decades of industry leadership and technology innovation, Abdul ...
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
Sysdig says JADEPUFFER may be the first agentic ransomware case, exposing how AI agents can turn old credential failures into database destruction. JADEPUFFER is a warning about exposed AI ...
Somewhere in your organization, the answer to next quarter's hardest question already exists. It sits in a contract clause nobody indexed, a support ticket thread nobody summarized, a call transcript ...