IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

Usage with any "AI" agent is strongly discouraged. Jqwik's log output may confuse the agent. Naturally, this sort of ...

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other sensitive data.

Two phishing campaigns, each using a different stealthy infection technique, are targeting organizations in attacks which aim to deliver data stealing malware to devices running on Microsoft Windows.

Within days of each other, Anthropic first leaked the source code to Claude Code, and then a critical vulnerability was found by Adversa AI. On March 31, 2026, Anthropic mistakenly included a ...

Anthropic just cannot keep a lid on its business. After details of a yet-to-be-announced model were revealed due to the company leaving unpublished drafts of documents and blog posts in a publicly ...

The AppsFlyer Web SDK was temporarily hijacked this week with malicious code used to steal cryptocurrency in a supply-chain attack. The payload can intercept cryptocurrency wallet addresses entered on ...

ThreatDown’s EDR team discovered a sophisticated, multi-stage attack chain during an active investigation; the first documented case of attackers abusing the Deno runtime as a malware execution ...

Abstract: Code obfuscation built upon code virtualization technology is one of the viable means for protecting sensitive algorithms and data against code reverse engineering attacks. Code ...