A critical flaw discovered in the Opera GX browser could enable malicious websites to automatically install a customization ...
PureLogs Stealer uses fake PDF JavaScript files and Google's Blogger pages in the VEIL#DROP campaign, enabling fileless ...
JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
A vulnerability chain dubbed AutoJack in Microsoft's AutoGen Studio interface for prototyping AI agents could let attackers ...
Researchers found attackers using fake CAPTCHA pages. Users should never run PowerShell or Windows commands requested by ...
Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
Unsurprisingly to many of us, app stores for smart televisions are also trash. Perhaps even more full of trash than other app stores due to the smaller ecosystem and fewer reviewers. Spur analyzed ...
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
The Federal Trade Commission issued a consumer alert in June 2026 warning that a new breed of fake CAPTCHA pop-ups is ...
Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social ...
They're completely unnecessary at this point.