A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...

Ghostwriter used Prometheus lures since spring 2026 to target Ukraine agencies, enabling malware delivery and data theft.

Tycoon2FA has returned with new device-code phishing attacks targeting Microsoft 365 users through legitimate OAuth login ...

Copycat hackers are competing to win $1,000 for the largest supply chain attack using Shai-Hulud, an open-sourced worm that has brought down a few major open-source projects. Malicious NPM packages ...

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...

A widely active phishing-as-a-service (PhaaS) operation known as FlowerStorm has begun using a browser-based virtual machine to conceal credential theft code, marking what researchers say is an ...

It’s time to unsheath your swords as a new Bleach-like experience, called Paradox, finally arrives on Roblox. Before you can upgrade your skills and parry enemies into a devastating blow, you will ...

Mojang Studios announced Tuesday it will eliminate code obfuscation in Minecraft: Java Edition, marking a significant shift in how the company distributes the game to its modding community. The change ...

Mojang is making a major change for its massive modding community. On October 29, the developer announced it will stop scrambling, or obfuscating, the code for Minecraft: Java Edition. For over 15 ...

Mojang has dropped some huge news for Minecraft Java players - especially those that love to mod. While the modding scene is already thriving in Minecraft, it's not as accessible as you'd expect for ...

A credential phishing campaign that likely relied on AI-generated code to evade detection has been stopped by Microsoft Threat Intelligence. The attack, which targeted organizations in the US, ...