The campaign spans npm, Packagist, Go, and Chrome, using obfuscated JavaScript loaders and VS Code tasks to deliver malware.
Opera GX patched a flaw that let malicious sites silently install GX Mods and leak a signed-in user’s Gmail address with CSS.
PureLogs Stealer uses fake PDF JavaScript files and Google's Blogger pages in the VEIL#DROP campaign, enabling fileless ...
A critical flaw discovered in the Opera GX browser could enable malicious websites to automatically install a customization ...
StegoAd Microsoft Edge extensions malware affected up to 2.6 million users after the company removed 119 add-ons that hid ...
Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
A five-character fix turned a failing Lighthouse Agentic Browsing audit into a clean pass. What that reveals about what the audit actually measures.
North Korean threat actors are escalating the PolinRider supply chain attack across Go, Packagist, and npm package ...
Several major law firms said they had cases numbering in the hundreds against the Catholic Church in Rhode Island.
CERT-In has issued a warning about a significant malware campaign targeting WhatsApp Web and Desktop users. Cybercriminals ...
A fileless malware framework has been abusing Google's Blogspot platform to deliver the PureLog Stealer entirely in memory, letting attackers steal credentials while leaving few traces on disk.