Ghostwriter used Prometheus lures since spring 2026 to target Ukraine agencies, enabling malware delivery and data theft.

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...

Tycoon2FA has returned with new device-code phishing attacks targeting Microsoft 365 users through legitimate OAuth login ...

Socket raises $60M to expand AI-driven software supply chain security and protect developers from cyber threats worldwide.

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

On April 29, 2026, someone hijacked four widely used SAP packages on the npm registry, slipped credential-stealing malware ...

Mini Shai-Hulud worm compromises 169 npm packages including TanStack Mistral AI; TeamPCP uses stolen OIDC tokens.

Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.

JavaScriptやReact周辺の開発で広く使われているライブラリ群「TanStack」のnpmパッケージに、攻撃者がマルウェア入りのバージョンを公開するサプライチェーン攻撃が行われました。TanStack公式の事後報告によると、攻撃者は2026 ...

Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...

A desktop app that lets users stream any movie, TV series, or anime for free and without ads hit the top of GitHub’s global ...