Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

Socket Announces Support for PHP with Composer and Packagist Integration

Developers Can Now Search, Analyze, and Secure PHP Dependencies with AI-Powered Supply Chain Protection It would be ...
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
Security Boulevard

Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets

Attackers are running paid Facebook ads that look like official Microsoft promotions, then directing users to near-perfect ...
Security Boulevard

Top Security Incidents of 2025: Chrome Browser 0-Day Vulnerability Exploitation

Background In March 2025, cybersecurity researchers disclosed a highly sophisticated targeted attack campaign named “Operation ForumTroll.” Orchestrated by an unidentified state-sponsored APT group, ...
The Hacker News

ThreatsDay Bulletin: OpenSSL RCE, Foxit 0-Days, Copilot Leak, AI Password Flaws & 20+ Stories

ThreatsDay Bulletin tracks active exploits, phishing waves, AI risks, major flaws, and cybercrime crackdowns shaping this week’s threat landscape.
GitHub

Prompt Obfuscation for Large Language Models

This repository contains the source code and experimental framework for the paper "Prompt Obfuscation for Large Language Models". This artifact provides the tools to perform and evaluate two prompt ...