Tycoon2FA has returned with new device-code phishing attacks targeting Microsoft 365 users through legitimate OAuth login ...

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are ...

Socket raises $60M to expand AI-driven software supply chain security and protect developers from cyber threats worldwide.

A desktop app that lets users stream any movie, TV series, or anime for free and without ads hit the top of GitHub’s global ...

Most teams are still securing access with static credentials built for human operators, not for autonomous agents. This ...

Copycat hackers are competing to win $1,000 for the largest supply chain attack using Shai-Hulud, an open-sourced worm that has brought down a few major open-source projects. Malicious NPM packages ...

A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension.

Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a ...

Mini Shai-Hulud npm campaign compromises @antv packages, targeting blockchain developers' GitHub tokens, AWS keys, and CI/CD secrets in a coordinated supply chain attack.

Attackers hijacked a dormant npm maintainer account and pushed malicious node-ipc versions that steal crypto keys, AWS tokens ...