JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
On June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) facilitated the takedown, suspension, and blocking of domains that ...
From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet
A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Essential Tips to Run PowerShell Scripts Like a Pro PowerShell has evolved into a powerful scripting language that’s essential for system administrators and IT professionals alike. Whether you’re ...
A malicious npm package has been caught impersonating one of the JavaScript ecosystem's most widely used build tools. The ...
ClickFix attacks are delivering BabaDeda, Lorem Ipsum, and Potemkin loaders to deploy stealers, RATs, and ransomware-linked ...
Microsoft links the recent Mastra AI npm supply chain attack to , a North Korean group known for cryptocurrency theft ...
Phantom Stealer phishing targets banks with fileless malware and in-memory Windows process injection. The infostealer harvests credentials, cookies, financial data, screenshots, and cryptocurrency ...
Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff. This attribution ...
Criminals are running polished fake tutorial videos on social media promising free Spotify Premium, Microsoft Office and ...
Cybercriminals are moving beyond email scams and into social media feeds, using tutorial-style videos on TikTok and Instagram to spread malware and steal credentials ...
Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results