New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing
A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and...
malicious
OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack
Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that's targeting developers using OpenAI Codex through a...
Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of...
Developer Workstations Are Now Part of the Software Supply Chain
Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the...
Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets
Cybersecurity researchers are sounding the alarm about what has been described as "malicious activity" in newly published versions of node-ipc....
Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads
Ravie LakshmananMay 11, 2026Supply Chain Attack / Threat Intelligence A malicious Hugging Face repository managed to take a spot in...
Fake Party Invites and the Rise of Social Phishing Attacks
Attackers are now impersonating invitation services to trick people into clicking malicious links and sharing sensitive information. These phishing attempts...
Malicious PyTorch Lightning Packages Found on PyPI
The post Malicious PyTorch Lightning Packages Found on PyPI appeared first on 2024 Sonatype Blog. TL;DR Two malicious versions of...
EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades
Intro A sophisticated, high-resilience malicious campaign was identified by Atos Threat Research Center (TRC) in March 2026. This operation specifically...
New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs
Cybersecurity researchers have discovered malicious code in an npm package after a malicious package as a dependency to the project...
26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases
Cybersecurity researchers have discovered a set of malicious apps on the Apple App Store that impersonate popular cryptocurrency wallets in...
Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
Ravie LakshmananApr 22, 2026Cloud Security / Software Security Cybersecurity researchers have warned of malicious images pushed to the official "checkmarx/kics"...
Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories
In some compromised repositories, we observed both techniques being present simultaneously (i.e., the malicious .vscode/tasks.json alongside the appended obfuscated JavaScript)....
108 malicious Chrome extensions caught stealing Google and Telegram data from 20,000 users
Cybersecurity researchers have revealed that 108 malicious Google Chrome extensions have been quietly stealing user credentials, hijacking Telegram sessions, and...
Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic
Ravie LakshmananApr 16, 2026Botnet / Cryptomining Cybersecurity researchers have warned of an active malicious campaign that's targeting the workforce in...
