With the rise of AI coding assistants continuing apparently unabated, some project maintainers have begun striking back. Ars Technica reports on projects putting hostile directions into the ...

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...

SVG phishing email attacks are bypassing enterprise email security gateways by hiding JavaScript inside image files and ...

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...

Ghostwriter used Prometheus lures since spring 2026 to target Ukraine agencies, enabling malware delivery and data theft.

Abstract: JavaScript code obfuscation has become a major technique used by malware writers to evade static analysis techniques. Over the past years, a number of dynamic analysis techniques have been ...

A global phishing campaign using personalized emails and fake websites to deliver malicious downloads has been identified by cybersecurity researchers. According to a new advisory by FortiGuard Labs, ...

This case study analyzed a stealthy host-based compromise in which the attacker exploited the trusted Windows binary mshta.exe to execute a remotely hosted, obfuscated JavaScript payload. The attacker ...

Cyble Research and Intelligence Labs (CRIL) researchers have uncovered a new variation of the Strela Stealer that represents “a notable advancement in malware delivery techniques, highlighting ...