A widely active phishing-as-a-service (PhaaS) operation known as FlowerStorm has begun using a browser-based virtual machine to conceal credential theft code, marking what researchers say is an ...

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...

Ghostwriter used Prometheus lures since spring 2026 to target Ukraine agencies, enabling malware delivery and data theft.

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

GREYVIBE targeted Ukraine since August 2025 using AI-assisted malware campaigns, increasing espionage capabilities and attribution challenges.

In today's 2-Minute Tech Briefing, a Windows 11 update broke localhost functionality, disrupting developer workflows just as Windows 10 support ended. Nvidia’s long-awaited DGX Spark “personal AI ...

Copycat hackers are competing to win $1,000 for the largest supply chain attack using Shai-Hulud, an open-sourced worm that has brought down a few major open-source projects. Malicious NPM packages ...

Tycoon2FA has returned with new device-code phishing attacks targeting Microsoft 365 users through legitimate OAuth login ...

We examine how AI is changing the future of work — and how, in many ways, that future is already here. Every tech company you can think of is jumping on the generative AI bandwagon and touting new ...

Over the last several years, Apple has dramatically improved how it handles lithium-ion battery charging in iPhones, iPads, Macs, and Apple Watches. Across multiple system releases, the company moved ...

A legacy Windows scripting utility tied to Internet Explorer is still being used in modern malware campaigns, researchers say ...