A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

Microsoft has patched an actively exploited Exchange Server vulnerability that allows threat actors to execute arbitrary JavaScript code in cross-site scripting (XSS) attacks targeting Outlook Web ...

Microsoft says hotel phishing emails are using Calendly links and photo ZIP files to drop the TonRAT Node.js implant on front ...

Article and title updated as 3 additional zero-days were fixed in the June 2026 Patch Tuesday. Today is Microsoft's June 2026 Patch Tuesday, with security updates for 200 flaws, including five ...

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...

ClickFix attacks are delivering BabaDeda, Lorem Ipsum, and Potemkin loaders to deploy stealers, RATs, and ransomware-linked ...

Chrome's next update will kill your adblocker - and make the web less safe ...

Microsoft Edge two-week release cycle launches with Edge 152 on August 27, halving the update interval and reducing the ...

Microsoft says latest attack targets Leo Platform and RStreams packages, harvesting creds and going after more maintainers ...

Based“Crypto Clipper” Malware Spread. Microsoft Threat Intelligence has issued a warning to Windows users about a ...

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...

The popular Mastra AI framework, used to build artificial intelligence agents, workflows and retrieval-augmented generation ...