Attackers created at least 292 fake GitHub repositories that impersonated developer tools and redirected users to ...
From late April 2026 to mid-June 2026, Microsoft Defender Experts observed increased ACR Stealer activity across customer ...
A large-scale phishing operation has been observed disguising a malicious script as a TrueType font file (.tff). Using the ...
Google LiteRT.js, released July 9, 2026, brings native browser AI inference to web developers by compiling Google’s proven ...
New TELEPUZ malware spreads through ClickFix, then steals browser cookies, logs keystrokes, runs commands, and installs ...
An unpatched vulnerability in Cursor on Windows could allow attackers to achieve code execution via malicious repositories.
Bitdefender researchers show how Windows bind links can create conflicting filesystem views to hide malware from endpoint ...
Malicious jscrambler 8.14.0 runs hidden binaries during npm install on Windows, macOS, and Linux, with no fix available as of ...
A fileless malware framework is abusing Google’s Blogspot platform to deliver PureLog Stealer directly into computer memory, sharpening concerns that trusted web services are being turned into staging ...
Microsoft says TypeScript 7, announced July 8, brings native Go performance to VS Code, Visual Studio and other editors.
Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other sensitive data. Developers searching for Claude Code installation instructions ...