Malicious actors are now injecting malicious codes into legitimate projects to steal digital assets from unsuspecting users. According to reports, cybersecurity researchers have uncovered a ...

An ongoing attack is uploading hundreds of malicious packages to the open source node package manager (NPM) repository in an attempt to infect the devices of developers who rely on code libraries ...

An unknown threat actor is deploying a large-scale, sophisticated cryptojacking campaign through a series of malicious extensions in Visual Studio Code, Microsoft’s lightweight source-code editor, ...

A threat actor called TigerJack is constantly targeting developers with malicious extensions published on Microsoft's Visual Code (VSCode) marketplace and OpenVSX registry to steal cryptocurrency and ...

How do you investigate potentially malicious Web page code without infecting yourself? As a computer security defender, I’m often in a position where I need to investigate a potentially malicious Web ...

Open VSX bug misread scanner failures as clean results, letting malicious VS Code extensions go live before patch in v0.32.0.

A newly identified North Korean threat actor has widened its distribution of malicious node package manager (npm) code to public registries. And it's differentiating itself from other state-sponsored ...

What is antivirus software and do you still need it in 2026?

A new generation of QR code phishing (quishing) attacks have been uncovered by threat analyists at Barracuda. Research by the email protection firm highlighted new techniques that have been designed ...

Attackers can hide their attempts to execute malicious code by inserting commands into the machine code stored in memory by the software interpreters used by many programming languages, such as ...

Marketers promote AI-assisted developer tools as workhorses that are essential for today’s software engineer. Developer platform GitLab, for instance, claims its Duo chatbot can “instantly generate a ...

Antivirus has come a long way since its early signature-based roots, but even the most advanced versions cannot keep up with the speed and complexity of current cyber threats. By Ivaan Captieux, ...