Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in ...
Microsoft says hotel phishing emails are using Calendly links and photo ZIP files to drop the TonRAT Node.js implant on front ...
Researchers detail REF8372, a malvertising campaign using fake Node.js ads, Storj-hosted payloads, and OXLOADER to deploy ...
From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet
A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Microsoft Threat Intelligence is observing a multi-stage attack wave targeting the hospitality industry in Asia and Europe.
Microsoft is delivering tools to quickly configure Windows PCs as workstations for Windows and Linux development.
Microsoft says latest attack targets Leo Platform and RStreams packages, harvesting creds and going after more maintainers ...
A new backdoor dubbed Mistic has been observed in financially motivated attacks targeting organizations in the insurance, ...
With npm v12, GitHub closes a central attack vector: installation scripts from dependencies will only run after explicit approval from July 2026.
Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...
Homebrew 6.0.0 shipped June 11 with tap trust, a mechanism that blocks arbitrary Ruby code from third-party taps until explicitly approved — closing a long-standing supply-chain vulnerability. Linux ...
If reinstalling software feels repetitive, these tools have some ideas.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results