Tycoon2FA has returned with new device-code phishing attacks targeting Microsoft 365 users through legitimate OAuth login ...
The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...
Ghostwriter used Prometheus lures since spring 2026 to target Ukraine agencies, enabling malware delivery and data theft.
Socket raises $60M to expand AI-driven software supply chain security and protect developers from cyber threats worldwide.
TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...
Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.
A desktop app that lets users stream any movie, TV series, or anime for free and without ads hit the top of GitHub’s global ...
Mini Shai-Hulud worm compromises 169 npm packages including TanStack Mistral AI; TeamPCP uses stolen OIDC tokens.
Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...
Hundreds of npm packages infected by the self-propagating, credential-stealing worm from TeamPCP are related to the open ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results