Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.

The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain ...

One of the most exciting challenges available to any software developer is that of writing brilliantly working code that’s so obtuse, so indecipherable, and opaque, that even its own author ...

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...

Two phishing campaigns, each using a different stealthy infection technique, are targeting organizations in attacks which aim to deliver data stealing malware to devices running on Microsoft Windows.

Add Decrypt as your preferred source to see more of our stories on Google. Attackers used fake GitHub accounts to tag developers, claiming they had won $5,000 in ...

ThreatDown’s EDR team discovered a sophisticated, multi-stage attack chain during an active investigation; the first documented case of attackers abusing the Deno runtime as a malware execution ...

A new report out today from Barracuda Networks Inc. has detailed how phishing attacks grew more sophisticated and harder to detect in 2025 thanks to the rapid evolution of phishing-as-a-service kits ...

Gootloader JavaScript malware, commonly used to deliver ransomware, is back in action after a period of reduced activity. Since October 27, security shop Huntress says it has spotted three Gootloader ...

After a long hiatus, Gootloader is back to its old tricks When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Gootloader malware resurfaces using ...