Experts warn the campaign could outpace past global cyberattacks, with hundreds of thousands of credentials already ...

Fake CAPTCHA pages can install the StealC infostealer. Don't paste or run commands; disconnect and change passwords.

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the ...

Ethereum and Solana developers were targeted by five malicious npm packages that steal private keys and send them to the ...

GlassWorm is evolving. Security researchers say the malware, which infiltrates code repositories with malicious extensions, can now deploy a RAT, is targeting MCP servers, and has a new way of moving ...

Russia-linked APT28 has exploited a high-severity XSS vulnerability in Zimbra in attacks against Ukrainian entities.

OX Security reported a phishing campaign targeting developers using OpenClaw's name to lure victims into a fake site for ...

Magecart hides payload in favicon EXIF via third-party scripts, bypassing static analysis and stealing checkout data at ...

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible ...