According to Socket, malicious payment SDK packages on npm and PyPI are harvesting developer credentials and CI/CD ...
Malicious packages on the Node Package Manager (npm) and the Python Package Index (PyPI) delivered stealer malware to ...
Sophos says Claude Code, Cursor, and Codex triggered Windows endpoint rules for credential access, LOLBin downloads, and ...
A newly discovered malware campaign is abusing a malicious Microsoft Edge extension to break out of the browser sandbox and gain control of infected Windows systems. Security researchers at Zscaler ...
A malicious Microsoft Edge extension dubbed ‘Edgecution' has been used in a ransomware attack to escape the browser sandbox and deploy a Python-based backdoor. Access to the local system is obtained ...
The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver a new ...