IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

Abstract: The growing complexity of JavaScript has significantly enriched the interactive capabilities of client-side applications. However, it also leads to increased security threats, as attackers ...

If you are a JavaScript developer, you’re likely familiar with Axios, the popular library with over 80 million weekly downloads. Developers use Axios to make network requests, handle form submissions, ...

ThreatDown’s EDR team discovered a sophisticated, multi-stage attack chain during an active investigation; the first documented case of attackers abusing the Deno runtime as a malware execution ...

Abstract: Code obfuscation built upon code virtualization technology is one of the viable means for protecting sensitive algorithms and data against code reverse engineering attacks. Code ...

Cybersecurity researchers have disclosed details of a new Python-based information stealer called VVS Stealer (also styled as VVS $tealer) that's capable of ...

This is the first article in a two-part series where we show how to build your own anti-bot system to protect a login endpoint, without relying on third-party services. Many bot detection solutions, ...

Microsoft Threat Intelligence recently detected and blocked a credential phishing campaign that likely used AI-generated code to obfuscate its payload and evade traditional defenses. Appearing to be ...

Microsoft has removed two popular VSCode extensions, 'Material Theme – Free' and 'Material Theme Icons – Free,' from the Visual Studio Marketplace for allegedly containing malicious code. The two ...

A new JavaScript obfuscation method utilizing invisible Unicode characters to represent binary values is being actively abused in phishing attacks targeting affiliates of an American political action ...

The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers. The ...