“If you have already clicked on the link and provided your credentials, we recommend changing your password on PyPI immediately,” Larson warned. “Inspect your account's Security History for anything ...

FileFix phishing attack in June 2025 delivers StealC malware via Bitbucket images, bypassing detection with obfuscation.

Hackers injected malicious code into nearly a dozen 20 NPM packages with billions of weekly downloads in a software supply chain attack after phishing a maintainer’s account.

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...

As awareness grows around many MFA methods being “phishable” (i.e. not phishing resistant), passwordless, FIDO2-based authentication methods (aka. passkeys) like YubiKeys, Okta FastPass, and Windows ...

A new digital supply chain attack has targeted popular open-source npm packages with at least two billion downloads per week. On Sept. 8, Josh Junon, a package maintainer whose account was at the ...

A new report out today from cybersecurity company INKY Technology Corp. is sounding the alarm over a new wave of phishing threats that use QR codes in increasingly dangerous and deceptive ways, ...

Privacy-focused Google search competitor DuckDuckGo has been displaying phishing websites when searching for “Etherscan,” a popular Ethereum block explorer and ...

Kaspersky is warning LLM users of a new malicious campaign distributing a previously unknown malware, dubbed “BrowserVenom,” through a fake DeepSeek-R1 environment installer. According to findings by ...

A massive QR code phishing campaign abused Microsoft Sway, a cloud-based tool for creating online presentations, to host landing pages to trick Microsoft 365 users into handing over their credentials.

Threat Actors Exploit Microsoft Sway to Host QR Code Phishing Campaigns Your email has been sent A new report from cybersecurity company Netskope reveals details about attack campaigns abusing ...

Be careful when receiving emails with QR codes, because Quishing (QR code phishing) has evolved to become as dangerous as never before, experts have warned. A report from Perception Point has outlined ...