Compromised Nx Console VS Code Extension Steals Developer and Cloud Secrets
Nx Console’s popular VS Code extension was briefly weaponized into a credential-stealing tool that can leak developer and cloud secrets and plant a persisten...
20 articles
Nx Console’s popular VS Code extension was briefly weaponized into a credential-stealing tool that can leak developer and cloud secrets and plant a persisten...
The newly discovered Reaper malware bypasses Apple's macOS Tahoe 26.4 security updates to steal passwords, crypto assets, and install a permanent backdoor.
Flare's analysis of 128 posts between February and May 2026 reveals REMUS's aggressive development cycle, mirroring structured software businesses.
Turla, also known as Secret Blizzard and linked to Russia's FSB, has re-engineered its Kazuar .NET backdoor, first used in 2017, into a modular botnet.
SHub Reaper bypasses Apple's Terminal mitigation, steals credentials and documents, and plants a persistent backdoor for continued access after infection.
Four vulnerabilities in OpenClaw can be chained together to steal credentials, escape the sandbox, and plant persistent backdoors. The post ‘Claw Chain’ Open...
The report presents key trends and statistics on malware that targeted personal computers running Windows and macOS, as well as Internet of Things (IoT) devi...
Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one of which is a clone of the Shai-Hulud worm open-...
A newly analyzed malware strain, OtterCookie, is emerging as a serious threat to developers, quietly harvesting sensitive data from active workstations in re...
A newly analyzed cyber-espionage framework called Fast16 has revealed one of the most precise and covert sabotage operations ever uncovered targeting nuclear...
A new analysis of the Lua-based fast16 malware has confirmed that it was a cyber sabotage tool designed to tamper with nuclear weapons testing simulations. A...
The Russian hacker group Secret Blizzard has developed its long-running Kazuar backdoor into a modular peer-to-peer (P2P) botnet designed for long-term persi...
A popular open-source download manager trusted by millions suddenly became a malware delivery platform after attackers compromised its official website, repl...
The attack begins with deceptive emails or fake software updates containing a seemingly harmless file.
A popular npm package called node-ipc has been compromised, with hackers publishing malicious versions that bundle credential stealing malware. The root caus...
Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply c...
The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that's engineere...
Hackers are hiding XWorm malware in PyInstaller files to bypass Windows security, steal data and remotely control devices through ads.
Stolen browser sessions and authentication tokens are becoming more valuable than stolen passwords. Flare explains how the REMUS infostealer evolved around s...
In Your Biggest Security Risk Isn't Malware — It's What You Already Trust, we made a simple argument: the most dangerous activity inside most organizations n...