Malicious TikTok Downloader Extensions Quietly Compromised 130K Users

Malicious browser extensions disguised as TikTok downloaders compromised 130,000 users, exposing a growing blind spot in ...

New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.

How The Infostealer Economy Has Matured

Credential theft via infostealers has become a preferred option for many cybercriminals, as it's fast, scalable and lucrative ...

How A Roblox Cheat Download Triggered A $2 Million Hack At Vercel

How A Roblox Cheat Triggered A $2 Million Breach At Vercel. Why The Vercel Incident Changes The Economics Of Enterprise AI ...

macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets

A ClickFix campaign targeting macOS users delivers an AppleScript-based infostealer that collects credentials and live ...
FinanceFeeds

Bybit Flags macOS Malware Targeting Claude Code Users

Bybit's Security Operations Center disclosed a macOS malware campaign using SEO poisoning to target developers searching for ...
The Hacker News

⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More

Monday cybersecurity recap on evolving threats, trusted tool abuse, stealthy in-memory attacks, and shifting access patterns.