North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and enabling remote control.

Real-Time Ransomware Detection and Provable Recovery for Amazon S3 Amazon S3 holds the data most organizations cannot ...

Attackers have hijacked 75 of 76 GitHub Actions tags for Aqua Security's Trivy scanner, distributing credential-stealing ...

The open-source supply chain hack represents “meaningful industry-wide risk”, according to an industry expert.

A new malware dubbed GhostClaw is targeting crypto wallets on macOS machines. The fake OpenClaw installer captures private ...

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, worm-like malware across dozens of packages, security firms say. Named CanisterWorm ...

UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were receiving unauthorized patch updates, all containing the same hidden ...

Top Stories of The WeekGoogle Threat Intel flags ‘Ghostblade’ crypto-stealing malwareGoogle Threat Intelligence has ...

JFrog has uncovered GhostClaw, a fake OpenClaw npm package that stole Keychain passwords, cloud credentials, and crypto wallets from 178 macOS developers.

Binance issued an urgent security alert warning cryptocurrency investors about a critical, zero-click vulnerability in Apple's iOS.

A suite of new malware tools has been identified by Google Threat Intelligence, including one that can steal crypto private keys and sensitive data.