A convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access.

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes ...

A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler.

DPRK-linked actors use GitHub C2 and LNK phishing in South Korea, enabling persistent PowerShell control and data ...

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

North Korean hackers used an updated version of a known backdoor to target a popular npm package.

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

Would you like a closer look at Claude? Someone at Anthropic has some explaining to do, as the official npm package for ...

New AI-powered scanner -- who-touched-my-packages -- detects zero-day malicious packages and credential exfiltration in seconds BOSTON, March 26, 2026 /PRNewswire/ -- Point Wild, a leading global ...

Infosecurity outlines key recommendations for CISOs and security teams to implement safeguards for AI-assisted coding ...

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

An incident of LinkedIn malware means jobseekers and employers need to take more care with their applications and ...