Plus: A porn-quitting app exposed the masturbation habits of hundreds of thousands of users, Russian hackers are trying to take over people’s Signal accounts, and more.

Meta is fighting back as attackers continue to target Facebook, Messenger and WhatsApp users. Here’s what you need to know.

GlassWorm campaign used 72 malicious Open VSX extensions and infected 151 GitHub repositories, enabling stealth supply-chain attacks on developers.

The operator, known as Tom, said only users who signed a fake terms-of-service message on the compromised site after the breach were affected.

Google has confirmed an emergency Chrome security update amid reports that attackers are exploiting two zero-day vulnerabilities.

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

ThreatDown, the corporate business unit of Malwarebytes, today published research documenting what researchers believe to be the first documented case of attackers abusing the Deno JavaScript runtime ...

Google patches two actively exploited Chrome vulnerabilities that could allow attackers to crash browsers or run malicious code. Billions of users urged to update.

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.