JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...

Bitdefender security researchers have discovered that attackers continue to exploit Microsoft HTML Application Host (MSHTA), a legacy utility available by default on Windows systems that can execute ...

A malicious Hugging Face repository managed to take a spot in the platform's trending list by impersonating OpenAI's Privacy Filter open-weight model to deliver a ...

Bitdefender researchers have discovered a malicious Windsurf IDE (integrated development environment) extension that deploys a multi-stage NodeJS stealer by using the Solana blockchain as the payload ...

A Chrome extension named "QuickLens - Search Screen with Google Lens" has been removed from the Chrome Web Store after it was compromised to push malware and attempt to steal crypto from thousands of ...

ESET researchers have identified new MuddyWater activity primarily targeting organizations in Israel, with one confirmed target in Egypt. MuddyWater, also referred to as Mango Sandstorm or TA450, is ...

For developers or anyone who uses Windows Terminal to interact with the shell, be it PowerShell or WSL, this tutorial is going to help you customize the Terminal, which will soon be the default ...

In February 2025, we discovered that the Gamaredon tool PteroGraphin was used to restart Turla’s Kazuar backdoor on a machine in Ukraine. In April and June 2025, we detected that Kazuar v2 was ...

Build AI into your enterprise content and knowledge management platform with 5 APIs that help you base your AI on enterprise data and speed up development. Microsoft has been adding AI features to its ...