Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable ...

Notepad++ update servers were compromised for 6 months in 2025. Learn how the Chrysalis backdoor targeted users and why you must manually update to version 8.9.1 now.

A threat actor is compromising NGINX servers in a campaign that hijacks user traffic and reroutes it through the attacker's ...

State-sponsored hackers' are being blamed for compromising the popular alternative to Windows Notepad over a period of six months last year.

It's believed that, between June and November 10/December 2, 2025 (independent security experts and its hosting provider ...

Agentic AI tools like OpenClaw promise powerful automation, but a single email was enough to hijack my dangerously obedient ...

The hosting provider's compromise allowed attackers to deliver malware through tainted software updates for six months.

How modern infostealers target macOS systems, leverage Python‑based stealers, and abuse trusted platforms and utilities to ...

A Chinese-linked cyberespionage group with a long history hijacked the update process for the popular code editing platform Notepad++ to deliver a custom backdoor and other malware to targeted users, ...

This week’s cybersecurity recap highlights key attacks, zero-days, and patches to keep you informed and secure.

Even as OpenAI works to harden its Atlas AI browser against cyberattacks, the company admits that prompt injections, a type of attack that manipulates AI agents to follow malicious instructions often ...