A new Mac infostealer dubbed PamStealer impersonates the open-source Maccy clipboard manager to steal passwords and more.
Jamf Threat Labs has issued a report on new malware that users of the third-party clipboard manager Maccy need to be aware of ...
Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social ...
Microsoft reports an active cyber campaign targeting hotels in Europe and Asia using fake photo ZIPs, PowerShell malware, and Node.js implants with evolving evasion tactics. magnific.com Microsoft ...
Cybersecurity researchers have flagged half a dozen vulnerabilities in protobuf.js, a JavaScript and TypeScript implementation of Protocol Buffers (Protobuf), that, if successfully exploited, could ...
Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...
Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other sensitive data. Developers searching for Claude Code installation instructions ...
Socket says a campaign of malicious packages is aiming to steal crypto and is injecting hidden instructions that hijack popular AI coding assistants. An active supply chain attack is targeting crypto ...
Abstract: Prototype pollution is a type of recently-discovered, impactful vulnerability that affects JavaScript code. One important yet challenging research problem of prototype pollution is how to ...
The vm2 sandbox of the open-source JavaScript runtime environment Node.js just can't escape the headlines, and the developers are now closing further “critical” security vulnerabilities. Once again, ...
The Cybersecurity and Infrastructure Security Agency (CISA) has released an alert to provide guidance in response to the software supply chain compromise of the Axios node package manager (npm). 1 ...
Just two weeks after a massive supply chain compromise, Axios, a widely used JavaScript library for making web requests, is experiencing another critical threat. It contains a bug that allows ...