Researchers identified what they believe is the first documented case of a ransomware operation, JadePuffer, conducted ...
ESET Research has released its H1 2026 Threat Report with statistics from December 2025 through May 2026.ClickFix – a social engineering ...
North Korean threat actors are escalating the PolinRider supply chain attack across Go, Packagist, and npm package ...
Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
The campaign spans npm, Packagist, Go, and Chrome, using obfuscated JavaScript loaders and VS Code tasks to deliver malware.
Cloud security firm Sysdig says it has documented the first ransomware operation carried out entirely by an autonomous AI ...
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
Sysdig says JADEPUFFER may be the first agentic ransomware case, exposing how AI agents can turn old credential failures into database destruction. JADEPUFFER is a warning about exposed AI ...
An AI agent carried out the technical execution of a real-world ransomware attack for the first known time, but new details ...
JadePuffer could be the first reported case of a ransomware attack driven by AI from start to finish. How can businesses ...
The ransomware’s use of trusted administrative tools and recovery-disruption tactics shows why containment, not just endpoint ...
A leaked chat and bitcoin trail show a US government entity paid Kairos $1m to suppress stolen files, no encryption involved, with clues pointing to Ohio.