A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

ClickFix attacks are delivering BabaDeda, Lorem Ipsum, and Potemkin loaders to deploy stealers, RATs, and ransomware-linked ...

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...

A new macOS ClickFix campaign is using Terminal commands to silently download, mount, and launch info-stealing malware from ...

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.

A vulnerability chain dubbed AutoJack in Microsoft's AutoGen Studio interface for prototyping AI agents could let attackers ...

Microsoft’s AutoJack research shows how a malicious webpage rendered by an AI browsing agent can reach local MCP services and ...

SURBL flags the URLs inside your emails rather than your sender IP. A single link to a flagged domain can silently disable every link in a delivered message, and most senders never realise it happened ...

Phishing is a form of cybercrime in which people are deceived into exposing their personal information which can result in ...

Nathan is a tech journalist from Canada who spends too much money on gadgets. You can find his work on Android Police, Digital Trends, iMore, Mobile Syrup and ZDNET. Nathan studied journalism at ...

The Federal Trade Commission issued a consumer alert in June 2026 warning that a new breed of fake CAPTCHA pop-ups is ...