Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.

Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar ...

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

A new ClickFix attack that leverages a Nuitka loader targets macOS users with the Python-based Infiniti Stealer malware.

A hands-on test found that OpenClaw can work with VS Code for file-based drafting and source-driven synthesis, but the current experience is still centered on a local gateway and workspace model rathe ...

North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and ...

UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were ...

A fake $TEMU crypto airdrop uses the ClickFix trick to make victims run malware themselves and quietly installs a remote-access backdoor.

Share on Facebook (opens in a new window) Share on X (opens in a new window) Share on Reddit (opens in a new window) Share on Hacker News (opens in a new window) Share on Flipboard (opens in a new ...

The big picture: Microsoft released its latest Patch Tuesday update this week with 59 hotfixes across Windows, Microsoft Office, Azure, and core system components. The update includes patches for six ...

This article is part of Kotaku Deals, produced separately from the editorial team. We may earn a commission when you buy through links on the site. If you’ve been considering a PC upgrade, there’s no ...