The campaign spans npm, Packagist, Go, and Chrome, using obfuscated JavaScript loaders and VS Code tasks to deliver malware.
In 2025 and 2026, several independent sources have highlighted the same trend: Prompt injection remains one of the most ...
Linux kernel privilege escalation exploit DirtyClone (CVE-2026-43503) is publicly documented: JFrog published a working attack walkthrough Thursday showing how any local user can gain root on ...
Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
MCP tool poisoning turns trusted AI agents into a control plane for data loss. Learn how threat actors manipulate tool ...
Attackers are hiding a data-stealing trojan inside fake exploit code aimed at the people who hunt bugs for a living. The malware, called ChocoPoC, travels in Python proof-of-concept (PoC) repositories ...
Explore the latest news and expert commentary on Application Security, brought to you by the editors of Dark Reading ...
The following include a list of pentest tools available across the web. Many are free and even open source, others are premium tools and require a monthly or yearly subscription. We’ll note when ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results