A convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access.

Anthropic's new initiative, Project Glasswing, unites a dozen major organizations—including Apple, Google, Microsoft, AWS, ...

The financially motivated cybercriminal threat actor Storm-1175 operates high-velocity ransomware campaigns that weaponize ...

If you're paying for software features you're not even using, consider scripting them.

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

IntroductionOn March 31, 2026, Anthropic accidentally exposed the full source code of Claude Code (its flagship ...

Security teams are scrambling after two malicious releases of the Telnyx Python SDK were uploaded to PyPI on March 27, turning a widely used developer tool into a credential-stealing backdoor that ...

本次案例正是最好的警示：一个看似正常的扩展插件，险些将病毒带入系统。这充分说明，只要智能体仍在与系统交互、仍在联网运行，运行时的动态防御就绝不能缺失——危险往往藏在“正常操作”背后。此次事件之所以未造成实际影响，关键在于天珣EDR For ...

朝鲜这个国家，在大多数人的认知里应该是相当封闭落后的。但他们的网络攻击能力，一直被严重低估。从 2014 年的索尼影业攻击，到 2017 年的 WannaCry 勒索病毒，再到这次对 npm 生态的精准打击，朝鲜黑客的技术水平和作战纪律一点也不「落后 ...

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

An attacker compromised the npm account of a lead Axios maintainer on March 30, and used it to publish two malicious versions ...