Malicious packages impersonating official SDKs for [Paysafe, Skrill, and Neteller](https://www.bleepingcomputer.com/news/security/fake-paysafe-skrill-sdks-on-npm-and-pypi-steal-credentials/) were publ
Jamf Threat Labs has disclosed a new macOS information stealer — dubbed **PamStealer** — that tricks users into downloading a malicious compiled AppleScript (`.scpt`) file disguised as Maccy, a widely
The [FortiBleed credential-theft campaign](https://www.bleepingcomputer.com/news/security/fortibleed-credential-theft-campaign-linked-to-lynx-ransomware/) has been formally tied to two active ransomwa
The Security Service of Ukraine (SSU) and the FBI have jointly disclosed a [long-running Russian intelligence operation](https://thehackernews.com/2026/06/ukraine-says-russian-intelligence-used.html)
The FBI, working with Google and Lumen Technologies' Black Lotus Labs, has seized and dismantled **Outsider Enterprise**, a Chinese-operated phishing-as-a-service (PhaaS) platform that ran [over one m
Attackers this week compromised more than 400 packages in the [Arch User Repository (AUR)](https://thehackernews.com/2026/06/over-400-arch-linux-aur-packages.html), rewriting their `PKGBUILD` scripts
A working exploit for an unpatched Visual Studio Code vulnerability is now public, and it does something particularly damaging: steal GitHub authentication tokens with a single click from the victim.
More than 30 npm packages under Red Hat's `@redhat-cloud-services` namespace were compromised in a confirmed supply-chain attack, [per BleepingComputer](https://www.bleepingcomputer.com/news/security/
A supply chain attack campaign dubbed **Miasma** has compromised dozens of packages published under Red Hat's official `@redhat-cloud-services` npm organization, injecting a credential-stealing, self-
Threat actors are actively exploiting a critical vulnerability in Fortinet's FortiClient Endpoint Management Server (EMS) to deploy credential-stealing malware across managed enterprise environments,