Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
Socket found a compromised Injective npm package stealing wallet keys amid rising crypto supply chain attacks.
North Korean hackers are targeting open source software developers with a backdoor and an information stealer as part of a ...
Securonix uncovers the Veil#Drop malware framework, which abuses compromised websites and Google Blogspot to deploy the PureLog information stealer.
China's self-driving car firms have been given a headstart by the country's EV supply chain as they expand globally.
Cybersecurity firm Novee has identified a GitHub Actions workflow-chain risk that can expose secrets even when checks pass, ...
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading ...
Explore the latest news and expert commentary on Application Security, brought to you by the editors of Dark Reading ...