Security researchers found TCLBANKER, a Brazilian banking trojan that hijacks WhatsApp and Outlook accounts to spread crypto ...

Canvas, a learning management platform, is back online after being down for hours on May 7 following a cyberattack.

In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...

Cybercriminals are increasingly relying on social engineering instead of traditional exploits, and Australian authorities are ...

ClickFix relies on tricking users into essentially hacking themselves by running commands that compromise their computers. In ...

Several SAP npm packages were exposed to a supply chain attack. The hacker group TeamPCP is behind it, say security ...

A threat group planted a malicious npm package in a crypto trading project through an AI-generated commit by Anthropic's ...

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

Four SAP NPM packages compromised in the Mini Shai-Hulud supply chain attack trigger a Bun runtime to install an information ...

Researchers say the campaign targeted developer credentials and cloud secrets while abusing trusted publishing and AI coding ...

SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.