Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...

Microsoft on Thursday disclosed a zero-day vulnerability in Exchange that's under active exploitation, but four days later customers are still awaiting a patch. The zero-day, tracked as CVE-2026-42897 ...

Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...

TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...

Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...

FrostyNeighbor, a long-running cyberespionage actor apparently aligned with the interests of Belarus, has been active recently in campaigns ...

A ClickFix campaign targeting macOS users delivers an AppleScript-based infostealer that collects credentials and live ...

The 35-year-old had argued his initial admissions of guilt over the 2019 Christchurch attacks were provoked by poor mental health due to harsh prison conditions.

Iran’s state broadcaster has reported explosions in the Strait of Hormuz which it has described as an “exchange of fire” ...

OpenAI confirmed on Wednesday that it found no evidence suggesting user data was compromised following a security incident ...

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...