Ghostwriter used Prometheus lures since spring 2026 to target Ukraine agencies, enabling malware delivery and data theft.

Tycoon2FA has returned with new device-code phishing attacks targeting Microsoft 365 users through legitimate OAuth login ...

Copycat hackers are competing to win $1,000 for the largest supply chain attack using Shai-Hulud, an open-sourced worm that has brought down a few major open-source projects. Malicious NPM packages ...

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...

Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...

White House app secretly tracked users every 4 minutes, sending location data to third parties despite promising government transparency.

Anthropic just cannot keep a lid on its business. After details of a yet-to-be-announced model were revealed due to the company leaving unpublished drafts of documents and blog posts in a publicly ...

If clarity shines a light on something, obfuscating it is casting a shadow over it. The word “obfuscate” is cloaked in darkness, and often describes things that are shrouded in mystery, are ...

JSfuscator is a free web service for obfuscating JavaScript code, protecting it from reverse engineering. It offers techniques like variable renaming, string encoding, and control flow flattening, ...