The campaign is stealing credentials from unpatched servers at scale, due to “neglect and efficiency,” says analyst, and the ...

Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...

Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell ...

An emerging threat cluster is exploiting vulnerable Web-exposed Next.js apps and using an automated tool to steal credentials ...

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...

This new Storm attack platform can exfiltrate passwords and session data, enabling 2FA bypass. Google Chrome, Microsoft Edge ...

Scammers are sending fake "Notice of Default" traffic violation text messages impersonating state courts across the U.S., pressuring recipients to scan a QR code that leads to a phishing site ...

We've tested hundreds of smart home products in more than 20 categories to help determine which ones are best for every room in (and out of) the house. I'm PCMag's managing editor for consumer ...