The appearance of tens of thousands of fictitious packages in the npm ecosystem has unexpectedly evolved into a long and perplexing saga that began back in 2024. Specialists observed that over the course of...
Researchers at Varonis have reported the emergence of a new toolkit named MatrixPDF, which enables attackers to transform ordinary PDF files into interactive phishing lures. These maliciously crafted documents can bypass email security filters...
Socket Threat Research has discovered a malicious NPM package named fezbox, published by a user going by janedu. Ostensibly a harmless library, the package conceals an unusually sophisticated payload: it uses a QR code...
A major incident has rocked the npm ecosystem: the widely-used package eslint-config-prettier suddenly received an update devoid of any corresponding changes on GitHub. Developers quickly grew suspicious—and with good reason. The package’s maintainer later...
Cybersecurity specialists at cside have uncovered a vast and covert cryptocurrency mining campaign that has compromised over 3,500 websites—marking the largest incident of its kind in recent years and signaling the resurgence of tactics...
Google has introduced a new security configuration on Android, tailored for users vulnerable to targeted cyberattacks. Known as Advanced Protection, this suite of features—once exclusive to individual Google Accounts—is now available at the device...
jxscout is a tool designed to help security researchers analyze and find vulnerabilities in JavaScript code. It works with your favorite proxy (Burp or Caido), capturing requests and saving optimized versions locally for easy analysis...
The leading cybersecurity agencies in the United States—CISA and the NSA—have issued a joint report urging software developers to adopt so-called memory-safe programming languages. These are technologies inherently designed to protect against critical memory-related...