The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...
Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.
Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...
TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
Mini Shai-Hulud worm compromises 169 npm packages including TanStack Mistral AI; TeamPCP uses stolen OIDC tokens.
Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...
Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.
Hundreds of npm packages infected by the self-propagating, credential-stealing worm from TeamPCP are related to the open ...
Morning Overview on MSN
A supply chain attack called 'Mini Shai-Hulud' poisoned official SAP packages and stole developer credentials through AI coding agent configs
On April 29, 2026, someone hijacked four widely used SAP packages on the npm registry, slipped credential-stealing malware ...
The helper's sole function is to invoke the browser's IElevator2 COM interface, introduced in Chrome 144, to recover the ...
May 17, 2026: With a code freeze in effect until the game's "most high-effort" update arrives, don't expect new Anime Vanguards codes until then. What are the new Anime Vanguards codes? In a Roblox ...
Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. The node-ipc ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results