The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...

Ghostwriter used Prometheus lures since spring 2026 to target Ukraine agencies, enabling malware delivery and data theft.

Tycoon2FA has returned with new device-code phishing attacks targeting Microsoft 365 users through legitimate OAuth login ...

Socket raises $60M to expand AI-driven software supply chain security and protect developers from cyber threats worldwide.

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

A desktop app that lets users stream any movie, TV series, or anime for free and without ads hit the top of GitHub’s global ...

Copycat hackers are competing to win $1,000 for the largest supply chain attack using Shai-Hulud, an open-sourced worm that has brought down a few major open-source projects. Malicious NPM packages ...

A legacy Windows scripting utility tied to Internet Explorer is still being used in modern malware campaigns, researchers say ...

A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are ...