Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Security Boulevard

SmartApeSG Launches Okendo Reviews Supply Chain Attack

IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...
Arabian Post

GitBait phishing ring targets Mexican bank users

A long-running phishing operation has turned GitHub Pages into a low-cost staging ground for fake banking portals aimed at customers of financial institutions operating in Mexico, harvesting logins, ...