Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Security Boulevard

ClickFix Campaign Generated Via AI Delivers SmartRAT

IntroductionIn March 2026, Zscaler ThreatLabz observed multiple instances of typosquatting domains hosting malicious content generated with AI-powered website creation tools. Threat actors are ...

I programmed a $7 ESP32-S3 board to block all computer's web ads - and it took just minutes

Raspberry Pi boards have gotten expensive, so I've been looking for cheaper alternatives. I found one in a tiny ESP32-S3 board.
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...