Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.
The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...
Tycoon2FA has returned with new device-code phishing attacks targeting Microsoft 365 users through legitimate OAuth login ...
Socket raises $60M to expand AI-driven software supply chain security and protect developers from cyber threats worldwide.
Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...
TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.
Mini Shai-Hulud worm compromises 169 npm packages including TanStack Mistral AI; TeamPCP uses stolen OIDC tokens.
A desktop app that lets users stream any movie, TV series, or anime for free and without ads hit the top of GitHub’s global ...
Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.
Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...
Hundreds of npm packages infected by the self-propagating, credential-stealing worm from TeamPCP are related to the open ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results