A threat actor has published hundreds of fake GitHub repositories impersonating legitimate software and security projects to ...
A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit, ...
QR code phishing – also known as quishing – has reached record levels in ESET telemetry. ESET analyzed nearly 900,000 AI ...
Software developers across close to 100 organisations have been targeted by a likely North Korea-linked hacking operation that used fake recruitment and code-review tasks to steal cryptocurrency, ...
ClickLock Stealer , a new macOS infostealer, answers a victim's refusal by killing their apps on a loop until they hand over the login password. It arrives as a command pasted into Terminal, asks for ...
A 41-year-old former ransomware negotiator has been sentenced to nearly six years (i.e., 70 months) in prison in the U.S. for their role in conspiring with the now-defunct BlackCat ransomware ...
One of the Russian government’s most elite hacking groups has adopted an attack, known as Clickfix, to compromise devices ...
A fake GitHub repository campaign created hundreds of malicious projects that impersonated legitimate software and cybersecurity tools. The repositories directed users to deceptive download pages that ...
Researchers have a responsibility to search for consensus on this crucial issue, both for future generations and the future of our planet.
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading ...
Anthropic accuses Alibaba of using 25,000 fake accounts to scrape Claude AI The alleged campaign generated 28.8 million queries in a large-scale model-extraction effort to replicate AI capabilities.