Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in ...

The Bluekit phishing-as-a-service platform continues to evolve with nearly 70 new hostnames identified over the past week and ...

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

JavaScript is the heartbeat of the modern web. If you’ve ever felt frustrated by certain web pages that just don’t seem to work, the culprit might be that JavaScript is disabled in your browser. This ...

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.

July 2026, blocking install scripts, Git dependencies, and remote URL sources by default. Every team running npm install in ...

Abstract: Traffic encryption is widely used to protect communication privacy but is increasingly exploited by attackers to conceal malicious activities. Existing malicious encrypted traffic detection ...

Abstract: Deep learning-based models demonstrate a remarkable level of accuracy in network traffic identification. However, the black-box nature of neural networks often makes the identification ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe ...

We also publish the MOLOT System Card, which describes our progress on malicious-code detection using machine learning. We cannot release the model publicly because it is part of the PT Application ...

OMCBench is a benchmark suite for evaluating malicious-code detection capabilities. The benchmark consists of a labeled set of 800 Python and JavaScript packages: 400 benign and 400 malicious packages ...