North Korean hackers are targeting open source software developers with a backdoor and an information stealer as part of a ...
The campaign spans npm, Packagist, Go, and Chrome, using obfuscated JavaScript loaders and VS Code tasks to deliver malware.
Residents at the Walker County Hospital District Board of Managers' June meeting accused the board of hiding its true ...
From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet
June 19, 2026 update: Microsoft assesses with high confidence that this activity is attributable to Sapphire Sleet, a North Korean state actor that primarily targets the financial sector. The ...
Microsoft Threat Intelligence is warning Windows users about a cryptocurrency clipper strain of malware transmitted via USB drives. The malware, which has been affecting users since February, steals ...
The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. Miasma appears to be an evolution ...
- Obfuscated JavaScript creates a WebSocket backdoor using dynamically executed JavaScript. - The WebSocket sends an obfuscated JavaScript payload to inject a credit card skimmer into the webpage. - ...
Two phishing campaigns, each using a different stealthy infection technique, are targeting organizations in attacks which aim to deliver data stealing malware to devices running on Microsoft Windows.
Anthropic just cannot keep a lid on its business. After details of a yet-to-be-announced model were revealed due to the company leaving unpublished drafts of documents and blog posts in a publicly ...
Attackers target developers who starred OpenClaw repositories. Malicious scripts in eleven.js enable wallet draining and tracking. Stolen data is sent to command servers, with one wallet identified.
Add Decrypt as your preferred source to see more of our stories on Google. Attackers used fake GitHub accounts to tag developers, claiming they had won $5,000 in ...
Cybersecurity researchers have disclosed details of a new Python-based information stealer called VVS Stealer (also styled as VVS $tealer) that's capable of ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results