Download Files with JavaScript

Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks

Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...

Decrypt

Hackers Insert Malware Into Mistral AI Software Download

Microsoft Threat Intelligence said attackers placed malicious code inside a Mistral AI download distributed through a Python ...

Do fear the Reaper - stealer swipes macOS users' passwords, wallets, then backdoors them

A new infostealer variant targets macOS users by spoofing Apple, Microsoft, and Google and then then gets to work searching ...

InfoWorld

AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...

The Hacker News

Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike

Ghostwriter’s March 2026 Ukraine attacks use PDF lures and geofencing to deploy Cobalt Strike on government targets.

Belarus-aligned FrostyNeighbor attacks Ukrainian government, again — ESET Research discovers

FrostyNeighbor, a long-running cyberespionage actor apparently aligned with the interests of Belarus, has been active recently in campaigns ...

InfoQ

TanStack Details Sophisticated npm Supply Chain Attack That Compromised 42 Packages

TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...

AI agent successfully moves Adobe Lightroom to Linux

Claude Code has made the digital photo tool Adobe Lightroom functional on Linux. The project began with a very simple prompt.

Dark Reading

'FrostyNeighbor' APT Carefully Targets Govt Orgs in Poland, Ukraine

A known Belarussian cyber-espionage group is back with a threat campaign against targets in Eastern Europe that uses spear-phishing to deliver malicious payloads to Eastern European government and ...

InfoWorld

Hands-on with React, Supabase, and PowerSync

If you are building a simple dashboard or a form-based application, the traditional JSON API (REST or GraphQL) approach is ...

CSO Online

Expired domain leads to supply chain attack on node-ipc npm package

Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...

Some results have been hidden because they may be inaccessible to you

Show inaccessible results