Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...

Ghostwriter used Prometheus lures since spring 2026 to target Ukraine agencies, enabling malware delivery and data theft.

Abstract: JavaScript code obfuscation has become a major technique used by malware writers to evade static analysis techniques. Over the past years, a number of dynamic analysis techniques have been ...

A global phishing campaign using personalized emails and fake websites to deliver malicious downloads has been identified by cybersecurity researchers. According to a new advisory by FortiGuard Labs, ...

This case study analyzed a stealthy host-based compromise in which the attacker exploited the trusted Windows binary mshta.exe to execute a remotely hosted, obfuscated JavaScript payload. The attacker ...

Cyble Research and Intelligence Labs (CRIL) researchers have uncovered a new variation of the Strela Stealer that represents “a notable advancement in malware delivery techniques, highlighting ...

Once accepted, the attackers tell developers to download a Node.js project as part of a practical test. The trojanized project on launch deploys a RAT and infostealer malware targeting all major OS ...

Cybersecurity researchers have uncovered a new suspicious package uploaded to the npm package registry that's designed to drop a remote access trojan (RAT) on compromised systems. The package in ...