Polyfill supply chain attack that hit more than 100,000 websites has now been linked to North Korean threat actors.

GitLab exposes abuse of its platform to trick software developers into downloading malicious payloads and finance companies into hiring North Koreans.

Independent hosting directory WHTOP ranks SkyNetHosting.Net #1 for reseller hosting in 2026, citing uptime reliability, ...

The Portage-based company, with 56,000 employees and operations in 61 countries, is experiencing a global outage across its systems.

Malicious npm package '@openclaw-ai/openclawai' downloaded 178 times installs GhostLoader RAT, stealing credentials and crypto wallets.

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.

Meanwhile, Iran took credit for attacks on ships in the Strait of Hormuz as U.S. gas prices reached a national average of $3.59 a gallon.

Many Chrome extensions start as small developer projects, and once they gain users, are sold on. But what if the new owner turns out to be a bad actor who gains the ability to update software running ...

Rapid7 researchers spot a malicious campaign aimed at harvesting credentials and digital wallets from Windows machines.

ThreatDown, the corporate business unit of Malwarebytes, today published research documenting what researchers believe to be ...

A malicious npm package disguised as a legitimate AI tool to install the virally popular OpenClaw, but designed to steal system passwords and crypto wallets, has been identified by cybersecurity ...

Hackers have a new tool called ClickFix. The new attack vector combines fake human-verification prompts with malware, trying to trick users into running Terminal commands that bypass macOS security.