Lazarus Group has deployed RemotePE, a fully memory-resident trojan that is extremely hard for traditional antivirus and forensic tools to detect.

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...

The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151) has been observed using lures related to Prometheus, a Ukrainian online learning platform, to target government ...

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...

UCLA is the No. 1 national seed for the NCAA baseball tournament. The Bruins were rewarded for their dominant wire-to-wire ...

Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.

Mini Shai-Hulud npm campaign compromises @antv packages, targeting blockchain developers' GitHub tokens, AWS keys, and CI/CD secrets in a coordinated supply chain attack.

North Korea-linked hackers have upgraded the InvisibleFerret malware to bypass script-based security tools, converting its Python code into compiled modules that are harder for defenders to inspect ...

Trans TLC Star’s Transformation Goes Viral 🏳️‍⚧️ ...

Cybersecurity researchers have uncovered a seemingly sophisticated supply chain campaign referred to as TrapDoor, which deploys malicious packages across popular package registries to compromise ...