In essence, MalTerminal is a malware generator. When adversaries bring it up, it asks if they want to create a ransomware ...
The macOS 26 "Tahoe" update is now available. Defined by its "Liquid Glass" theming and improved Spotlight search, macOS ...
The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early ...
Zscaler reveals SilentSync remote access trojan hidden in two malicious PyPI Python packages, risking browser data theft and ...
ClickFix typically asks the victim to perform a fake CAPTCHA test. FileFix tricks the user into copying and pasting a command ...
The new AI-native framework, freely available online, could make advanced cyberattacks faster, easier, and more accessible ...
Mend.io has been recognized as a Strong Performer in The Forrester Wave™: Static Application Security Testing Solutions, Q3 2025. In our first appearance in the evaluation, we earned top scores in ...
Introduction: APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima) is a North Korean-aligned threat actor active since at least 2012. APT37 primarily targets South Korean individuals ...
Attackers abused GitHub Actions workflows to siphon off thousands of credentials from hundreds of npm and PyPI repositories.
Philips has just announced a monster list of new products for its Hue lineup, part of an overhaul announced at the IFA conference in Berlin. In recent years, the Philips Hue line has struggled, as ...
Software supply-chain attacks are evolving in a disturbing way as cybercriminals use Ethereum smart contracts to hide malicious code within open-source libraries. Research presented by a security firm ...
Malware targeting Ethereum smart contracts is not entirely new. Earlier this year, the North Korean-affiliated Lazarus Group used similar techniques. What sets these NPM packages apart is the direct ...