On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...
Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...
DeepLoad exploits ClickFix and WMI persistence to steal credentials, enabling stealth reinfection after three days.
Attackers weaponized critical RCE within hours, prompting CISA to add the flaw to its KEV catalog and set an urgent patch ...
ShellGPT makes the terminal user-friendly, saving time by generating commands, automating scripts, and guiding me through tasks.
Instead of the usual phishing email or fake download page, attackers are using Google Forms to kick off the infection chain.
A fake $TEMU crypto airdrop uses the ClickFix trick to make victims run malware themselves and quietly installs a remote-access backdoor.
Credit: VentureBeat made with OpenAI GPT-Image-1.5 The "OpenClaw moment" represents the first time autonomous AI agents have successfully "escaped the lab" and moved into the hands of the general ...
A malvertising campaign is using a fake ad-blocking Chrome and Edge extension named NexShield that intentionally crashes the browser in preparation for ClickFix attacks. The attacks were spotted ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results