Malicious npm package '@openclaw-ai/openclawai' downloaded 178 times installs GhostLoader RAT, stealing credentials and crypto wallets.

New attack waves from the ‘PhantomRaven’ supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers. The campaign ...

A compromised Chrome extension with 7,000 users was updated to deploy malware, strip security headers, and steal cryptocurrency wallet seed phrases.

If you use an Android phone, this deserves your attention. Cybersecurity researchers warn that hackers are using Hugging Face, a popular platform for sharing artificial intelligence (AI) tools, to ...

An advanced cloud-first malware framework targeting Linux systems was created almost entirely by artificial intelligence (AI), a move that signals significant evolution in the use of the technology to ...

Browser extensions promise convenience. Many offer simple tools like new tab pages, translators or video helpers. Researchers, however, uncovered a long-running malware operation that abused that ...

The MacSync Stealer macOS malware can now infect victims’ computers using what appears to be a legitimate application with minimal user interaction, according to Apple device management and security ...

A wave of recent breaches and malware discoveries shows how easily trusted software and private data can be exploited. I've been writing and editing stories for almost two decades that help people use ...

Cyber criminals would much rather log in than hack in. That’s why infostealer malware, designed to exfiltrate user credentials, browser data, messages, documents, images, and device information, is ...

A new report out today from endpoint security firm Morphisec Inc. details a previously undocumented malware family dubbed “PyStoreRAT” that abuses trusted open-source platforms and Windows scripting ...

A campaign involving 19 Visual Studio (VS) Code extensions that embed malware inside their dependency folders has been uncovered by cybersecurity researchers. Active since February 2025 but identified ...

We are either at the dawn of AI-driven malware that rewrites itself on the fly, or we are seeing vendors and threat actors exaggerate its capabilities. Recent Google and MIT Sloan reports reignited ...