From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet
A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Microsoft’s AutoJack research shows how a malicious webpage rendered by an AI browsing agent can reach local MCP services and ...
Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...
Some of the featured tools 👇 • JSON Formatter & Validator • JWT Decoder • SQL Formatter • CSS Minifier • JavaScript Minifier • Base64 Encoder / Decoder • URL Encoder / Decoder • Hash Generator • Unix ...
Nothing ever leaves your browser. No token, secret, or key is sent to a server; the app makes no backend calls for any core feature. The one optional outbound request is the JWKS-URL fetch on the ...
SOC analysts utilize it to decode malicious scripts, while incident responders use it to remove obfuscation from malware. One threat hunter mentioned that it is the first tab he opens every morning ...
Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the ...
The Information Security researchers at University College London (UCL) analyzed an archive of 12.16 million GPS observations ...
IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...
Cybersecurity roundup: supply chain threats, AI agent risks, browser-cloning malware, mule networks, endpoint bypasses, and ...
Researchers from Tokyo Metropolitan University have created a new paradigm for identifying online phishing campaigns. Their ...
A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and codebases.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results