A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...

An Android remote access trojan named BTMOB is offered to cybercriminals with a builder interface for generating malware ...

Microsoft Threat Intelligence presents a comprehensive analysis of The Gentlemen, a Go-based ransomware deployed by ...

The Megalodon supply chain attack poisoned over 5,500 GitHub repositories via automated commits injecting GitHub Actions workflows.

Developer platform Socket says a malware called TrapDoor is targeting crypto and AI developers across npm, PyPI and Crates, aiming to steal crypto wallet info and browser data.

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

DUBAI, DUBAI, UNITED ARAB EMIRATES, January 7, 2026 /EINPresswire.com/ — ANY.RUN, a leading provider of interactive malware analysis and threat intelligence ...

As part of daily operations, small businesses may need to collect or exchange sensitive data that should be protected. It could be a financial transaction, a mailing address or some other personally ...

The official JDownloader website was compromised between May 6 and May 7, 2026, with attackers replacing Windows and Linux installer download links with malicious payloads. JDownloader is a widely ...

In another sign that browsers continue to be a prime attack target, authors of the VoidStealer Trojan have uncovered a way to bypass a Chrome security feature designed to protect session cookies and ...

Abstract: Detection of malware communications is limited due to encryption. Malware control, updates, and distribution are encapsulated in TLS tunnels, making it difficult to distinguish between ...

Update: Added Microsoft's statement to the end of the first section of this article. Microsoft Defender is detecting legitimate DigiCert root certificates as Trojan ...