ESET Research has released its H1 2026 Threat Report with statistics from December 2025 through May 2026.ClickFix – a social engineering ...
Fake CVE exploit repos pull frint and skytext packages to steal researcher credentials, with servers still live as of July 1.
An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
Mozilla researchers revealed a new attack that tricks Claude Code into running hidden commands from seemingly harmless GitHub ...
Mozilla’s 0din team showed how a Claude Code malware GitHub repo attack could use a clean-looking repository to open a ...
Attackers are using multiple channels — including GitHub, YouTube, and VirusTotal — to build an illusion of trust to spread ...
Researchers from Zscaler found a new malware campaign dubbed Edgecution.
The malware program has been deployed across multiple sectors since April, helping to provide initial access sold to ransomware gangs.
In the age of A.I., Hany Farid is struggling to prove what’s real before the internet decides for itself. In the age of A.I., Hany Farid is struggling to prove what’s real before the internet decides ...
A campaign active since last November has been targeting Python developers building Telegram bots with trojanized Pyrogram ...
JadePuffer exploited a vulnerable Langflow server, harvested credentials, moved laterally, and encrypted more than 1,300 ...
Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.