Attackers are now exploiting a maximum-severity Adobe ColdFusion vulnerability tracked as CVE-2026-48282, the Canadian Center for Cyber Security (CCCS) warned on Thursday. ColdFusion is a commercial ...
The campaign spans npm, Packagist, Go, and Chrome, using obfuscated JavaScript loaders and VS Code tasks to deliver malware.
Malicious npm packages mimicking Rollup polyfill tooling steal browser data, crypto wallets, and AI tool credentials in a Lazarus-linked campaign.
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
North Korean threat actors are escalating the PolinRider supply chain attack across Go, Packagist, and npm package ...
Infosecurity spoke with the researcher who dumped over 30 proof-of-concept exploits without disclosing the vulnerabilities ...
Researchers have found a never-before-seen piece of macOS malware that combines a series of clever tradecraft to infect Macs ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results