Four SAP NPM packages compromised in the Mini Shai-Hulud supply chain attack trigger a Bun runtime to install an information ...
DEEP#DOOR embeds a Python RAT in a dropper script, using bore[.]pub C2 to steal credentials and evade Windows defenses, ...
The popular Python package for monitoring data quality was briefly available as a malicious version. Provider Elementary ...
GitHub facades and Ethereum smart contracts power a March 2026 admin-targeted campaign, enabling resilient C2 rotation and ...
Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...
Over 750,000 websites require patching following discovery of DotNetNuke XSS vulnerability ...
A widely used open-source PyPI package, elementary-data, was compromised in a targeted attack that inserted infostealer malware via a GitHub Actions vulnerability. The malicious update, version 0.23.3 ...
A newly discovered threat actor is using Microsoft Teams, AWS S3 buckets, and custom "Snow" malware in a multipronged ...
UNC6692 relies on email bombing and social engineering to infect victims with Snow malware: Snowbelt, Snowglaze, and ...
Lazarus continues leveraging ClickFix for initial access and data theft, in this case, against Mac-centric organizations and ...
The April 2026 Vercel security incident continues to extend past initial claims. The incident, which was said to involve what ...
Lazarus Group is targeting fintech and crypto executives using macOS through a new malware kit delivered via social ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results