CSO Online

FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses

Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.
SecurityWeek

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...
来自MSN

White House app found with hidden GPS tracking, weak security

A security researcher’s decompilation of the White House’s official mobile app uncovered hidden GPS tracking, insecure code practices, and risky third‑party dependencies. The app transmits location ...
Morning Overview on MSN

Malicious open-source packages surge 73% in 2026 as threat actors weaponize the software ...

In the first five months of 2026, security researchers have flagged more malicious packages on the npm registry than in all ...
Beebom

Spiked Codes (May 2026)

Spiked is one of the cleanest volleyball experiences in Roblox, inspired by the beloved animanga series — Haikyu!! The experience takes place in the traditional 6v6 court, with each player having ...
Gizmodo

Source Code for Anthropic’s Claude Code Leaks at the Exact Wrong Time

Anthropic just cannot keep a lid on its business. After details of a yet-to-be-announced model were revealed due to the company leaving unpublished drafts of documents and blog posts in a publicly ...
blockchain

Reverse Engineering Obfuscated Code: @alice_und_bob Details Practical Methods for Interface ...

According to @alice_und_bob, the workflow to get an opaque system working included buying books, asking an uncle, throwing function calls at obscure interface definitions until they worked, studying ...
adtmag.com

Mojang Studios to Remove Code Obfuscation from Minecraft Java Edition

Mojang Studios announced Tuesday it will eliminate code obfuscation in Minecraft: Java Edition, marking a significant shift in how the company distributes the game to its modding community. The change ...
winbuzzer.com

Minecraft to Remove Code Obfuscation, Boosting Its Massive Modding Community

Mojang is making a major change for its massive modding community. On October 29, the developer announced it will stop scrambling, or obfuscating, the code for Minecraft: Java Edition. For over 15 ...
barrie360

(Updated) Ford government obfuscated Greenbelt records through code words: commissioner

Ontario Premier Doug Ford's government broke its legal, record-keeping obligations amid its now-reversed decision to open up parts of the protected Greenbelt lands for housing, the province's ...
Cyber Wire

Hijacking wallets with malicious patches.

Lucija Valentic: This malicious npm package puts malicious payload inside other locally installed software, Atomic Wallet and Exodus, in this case, so malicious payload is still there. That means once ...
Bleeping Computer

Supply chain attack hits npm package with 45,000 weekly downloads

An npm package named 'rand-user-agent' has been compromised in a supply chain attack to inject obfuscated code that activates a remote access trojan (RAT) on the user's system. The 'rand-user-agent' ...