A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...

The Federal Trade Commission issued a consumer alert in June 2026 warning that a new breed of fake CAPTCHA pop-ups is tricking Windows users into running malicious commands on their own computers. The ...

If reinstalling software feels repetitive, these tools have some ideas.

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...

Microsoft confirms it temporarily removed GitHub repos after Miasma worm compromised 73 of its open-source projects to inject ...

Google has released emergency updates to patch another Chrome zero-day vulnerability that has been exploited in the wild, the ...

Jake Peterson is Lifehacker’s Tech Editor, and has been covering tech news and how-tos for nearly a decade. His team covers all things technology, including AI, smartphones, computers, game consoles, ...

CVE-2026-11645 is the fifth exploited Chrome zero-day fixed this year. Google started 2026 by patching CVE-2026-2441, a ...

Based“Crypto Clipper” Malware Spread. Microsoft Threat Intelligence has issued a warning to Windows users about a ...

Anthropic’s AI turned Firefox and Windows software patches into exploits within hours, including one Windows proof-of-concept ...