Fake Claude Code installer malware used Google Ads to place spoofed AI tool pages above real documentation since March 2026.

A new malware campaign has compromised nearly 2,000 WordPress websites by using Steam Community profile comments to hide ...

SVG phishing email attacks are bypassing enterprise email security gateways by hiding JavaScript inside image files and ...

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code to escape the container and do nasty things to IT environments. As a result, ...

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

South Carolina writer Julia Elliott has won the 2026 Carol Shields Prize for Fiction for her short-story collection Hellions.

When OpenAI engineers discovered that a poisoned update to a widely used JavaScript library had executed on two corporate ...

Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.

Malware and software ‘viruses’ insert themselves in infected systems as binary code, 1s and 0s that execute nefarious functions at the system level. To analyze and counter malware attacks, ...

Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data.

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...