Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.

ClickFix campaigns spread MacSync macOS infostealer via malicious Terminal commands since Nov 2025, targeting AI tool users and developers.

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...

A fake $TEMU crypto airdrop uses the ClickFix trick to make victims run malware themselves and quietly installs a remote-access backdoor.

Dutch intelligence says Russian state hackers are targeting Signal and WhatsApp users through phishing, fake support messages, and device-linking scams.

I'm taking the road less traveled.

Malicious AI browser extensions posing as helpful assistants harvested ChatGPT and DeepSeek chat data from nearly 900,000 users, Microsoft says.

Overview On February 11, 2026, NSFOCUS CERT monitored Microsoft’s release of its February security update patches, addressing 59 security issues across widely used products such as Windows, Azure, ...

It's time to join the Pythonistas.

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...

In January 2026, Microsoft Defender Experts identified a new evolution in the ongoing ClickFix campaign. This updated tactic deliberately crashes victims’ browsers and then attempts to lure users into ...