The campaign spans npm, Packagist, Go, and Chrome, using obfuscated JavaScript loaders and VS Code tasks to deliver malware.
Malicious npm packages mimicking Rollup polyfill tooling steal browser data, crypto wallets, and AI tool credentials in a Lazarus-linked campaign.
Infosecurity spoke with the researcher who dumped over 30 proof-of-concept exploits without disclosing the vulnerabilities ...
Researchers have found a never-before-seen piece of macOS malware that combines a series of clever tradecraft to infect Macs ...
Sysdig says JADEPUFFER used CVE-2025-3248 in Langflow to automate intrusion, credential theft, encryption, and data wipe.