CSO Online

Hybrid 2FA phishing kits are making attacks harder to detect

Some 2FA-phishing attacks are becoming significantly harder to spot as threat actors blend two previously distinct ...
The Hacker News

ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware

ShadyPanda abused browser extensions for seven years, turning 4.3M installs into a multi-phase surveillance and hijacking ...
SecurityWeek

Chrome, Edge Extensions Caught Tracking Users, Creating Backdoors

A threat actor has published over a hundred malicious extensions that can track and profile Chrome and Microsoft Edge users ...
Security Boulevard

ShadyPanda’s Years-Long Browser Hack Infected 4.3 Million Users

A threat group dubbed ShadyPanda exploited traditional extension processes in browser marketplaces by uploading legitimate extensions and then quietly weaponization them with malicious updates, ...
Dark Reading

DPRK's 'Contagious Interview' Spawns Malicious Npm Package Factory

North Korean attackers have delivered more than 197 malicious packages as part of ongoing state-sponsored activity to ...
InfoWorld

A proactive defense against npm supply chain attacks

Supply chain risk is unavoidable, but not unmanageable. Proactively prevent supply chain attacks by embedding YARA into ...
The Hacker News

5 Threats That Reshaped Web Security This Year [2025]

AI attacks, code flaws, and large-scale web breaches in 2025 forced new security rules and continuous monitoring for all ...