DPRK-linked actors use GitHub C2 and LNK phishing in South Korea, enabling persistent PowerShell control and data ...

The financially motivated cybercriminal threat actor Storm-1175 operates high-velocity ransomware campaigns that weaponize ...

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

I’ve used plenty, but this one rewired my daily workflow.

North Korean hackers used an updated version of a known backdoor to target a popular npm package.

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.

Tom Fenton reports running Ollama on a Windows 11 laptop with an older eGPU (NVIDIA Quadro P2200) connected via Thunderbolt dramatically outperforms both CPU-only native Windows and VM-based ...

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...

The maintainer account for the axios package on npm was compromised to inject a remote access trojan for Windows, macOS, and ...

A prolific cybercrime group has been weaponizing n-day and zero-day exploits in high-tempo Medusa ransomware attacks over the past three years, Microsoft has revealed. Storm-1175 is a financially ...

Explore Homebrew Statistics to uncover key usage trends, installs, and growth insights that help developers make smarter ...