ACR Stealer campaigns use ClickFix lures, JPEG steganography, and WebDAV to steal browser tokens, passwords, PDFs, and synced ...
Attackers were found using a Lua-based malware loader posing as a TrueType font tile, with layered obfuscation and fileless ...
Stolen and leaked credentials lead to Node.js packages from AsyncAPI and Jscrambler Code Integrity being poisoned with ...
Threat actors compromised AsyncAPI packages and weaponized trusted CI/CD workflows to distribute malware through npm. This ...
New Jalisco and OmegaLord phishing kits target Microsoft 365 accounts by abusing device code flows, OAuth tokens, and MFA ...
John Mueller responded to a plan to hide homepage links from Google in hopes only one internal anchor text would count, known ...
A new study found that social media platforms are referring people to sites where they can create nonconsensual, sexually ...
Two new phishing kits, Jalisco and OmegaLord, have been discovered in attacks targeting Microsoft 365 accounts, using ...
Prompt injections, the malicious commands attackers embed into content to entice LLMs to follow them, have been attackers’ go ...
A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit, ...
The campaign spans npm, Packagist, Go, and Chrome, using obfuscated JavaScript loaders and VS Code tasks to deliver malware.
Learn how websites detect VPNs through IP reputation, DNS leaks, WebRTC, and browser fingerprints—and seven practical ways to reduce tracking.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results