Hackers exploit a critical React JavaScript vulnerability, CVE-2025-55182, to deploy crypto wallet drainers on legitimate websites ...

Researchers uncovered 27 malicious npm packages used over five months to host phishing pages that steal credentials from ...

A newly discovered third variant of the Shai Hulud malware is raising fresh concerns about the security of the open-source software supply chain, as researchers warn that the latest version shows more ...

Shai Hulud is a malware campaign first observed in September targeting the JavaScript ecosystem that focuses on supply chain ...

Security researchers have uncovered a troubling new malware campaign that has been hiding malicious code inside the logo ...

Darktrace threat researchers have identified and analyzed a new variant of BeaverTail, a malware family associated with North Korea’s Lazarus Group activity. BeaverTail is a JavaScript-based ...

The system employs HMAC-SHA256 (Hash-based Message Authentication Code using SHA-256) for license integrity verification. SHA-256 refers to the Secure Hash Algorithm producing 256-bit hash values (see ...

A new strain of the Shai Hulud worm is discovered by researchers, signaling the self-propagating supply chain threat ...

Russian hackers are circulating a new malware-as-a-service infostealer with potential anti-virus bypass capabilities.

A China-linked threat actor used malicious browser extensions over seven years to steal data and corporate intelligence from ...

The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js ...

Malicious npm package posing as a WhatsApp Web API library operated for months as a functional dependency while stealing ...