PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing. The FBI is warning the public to watch out for ...

Attackers have poisoned a code package on the npm registry in a novel way, hiding credential-stealing malware in steganographic QR codes embedded in a package purporting to offer a JavaScript utility.

QR codes that were once seen as a convenient shortcut for checking menus or paying bills have increasingly been turned into weapons. Fake delivery texts, counterfeit payment links and malicious codes ...

Last year, I received a package with an electronic cat fountain I didn’t order – and I don’t even have a cat. At the time, I chalked it up to a common “brushing” scam, where a seller sends you an ...

The FBI is warning people of a new scam involving fake packages with QR codes designed to steal data. If people scan the code on a package they were not expecting, it prompts them to provide personal ...

Newly discovered npm package 'fezbox' employs QR codes to retrieve cookie-stealing malware from the threat actor's server. The package, masquerading as a utility library, leverages this innovative ...

A new package scam started this summer, and it's likely to gain momentum as people start ordering their iPhone Airs and buying gifts for the holidays. Picture getting a package delivered to your front ...

Scammers are taking the old “brushing scam” and making it more dangerous. Traditionally, brushing scams involved sending you packages you didn’t order so sellers could post fake reviews in your name.

You have been warned — do not scan here. An “impossible” to detect smartphone threat is now surging, with a new warning that more than 4 million attacks were observed “in the first half of 2025 alone.

Received a Mysterious Package With a QR Code? Don't Scan It The FBI is warning about an emerging scam that uses QR codes on unwanted packages to trick users into submitting their personal information ...