
148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet
A campaign of 148 npm packages disguised as student web proxies turned visitors’ browsers into a distributed denial-of-service botnet for roughly two weeks in May,

A campaign of 148 npm packages disguised as student web proxies turned visitors’ browsers into a distributed denial-of-service botnet for roughly two weeks in May,

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has designated two individuals and a VPN service provider for enabling ransomware actors’ and other

xAI’s Grok Build coding CLI was uploading entire Git repositories, full commit history and all, to a Google Cloud Storage bucket run by xAI, not

Attackers whose methods line up with the data-extortion group ShinyHunters have spent the past year walking into corporate Salesforce environments without exploiting a single flaw in the

Google and Microsoft have pulled ModHeader, a popular header-editing extension with roughly 1.6 million installs across Chrome and Edge, after researchers found a hidden browsing-history

Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that’s capable of harvesting sensitive data from compromised systems. Unlike other information stealers that

Give an AI assistant a memory and access to your inbox, and you hand an attacker a way to rewrite what it thinks it knows

Somewhere right now, a security tool is quietly finding bugs faster than any human can fix them. That’s supposed to be the good news. The

Cybersecurity researchers have flagged an intrusion in which an unknown threat actor leveraged a vibe-coded PowerShell script for Active Directory (AD) enumeration. “The script looked

A few days ago, I was sitting with the CISO of a Fortune 50 company, walking through how his security team was thinking about AI
