The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.

Cybercriminal groups are now using spyware tools once utilized mainly by spies and law enforcement to hack into iPhones, new ...

Researchers from Google LLC and two cybersecurity companies have identified a set of zero-day exploits in iOS 18. Google’s ...

How can an extension change hands with no oversight?

The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted by Laundry Bear, a ...

DRILLAPP JavaScript backdoor targets Ukraine in Feb 2026, abusing Edge debugging features to spy via camera, microphone, and ...

Mandelson was arrested last month and has since been released under investigation (Picture: AFP) The UK government has released tens of thousands of documents regarding Lord Peter Mandelson’s ...

ThreatDown, the corporate business unit of Malwarebytes, today published research documenting what researchers believe to be the first documented case of attackers abusing the Deno JavaScript runtime ...

A compromised Chrome extension with 7,000 users was updated to deploy malware, strip security headers, and steal cryptocurrency wallet seed phrases.

A digital product is any non-physical item sold online and delivered electronically. This category encompasses a wide range of offerings: ebooks that teach specific skills, online courses that provide ...

Google is working on a change in Chrome for Windows that could fix a long-standing drag-and-drop frustration. Right now, dragging multiple files from websites such as Google Drive, Dropbox, or GitHub ...

The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that's designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 ...