TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...

An attacker poisoned 84 TanStack npm versions across 42 packages, stealing GitHub OIDC tokens and cloud keys while planting a dead-man's switch that nukes your system.

Google has revealed that it detected and stopped a cyberattack that appears to have been developed with the help of AI. All you need to know.

GitHub hack exposed 3,800 internal repos through a poisoned VS Code extension, raising new concerns over developer supply ...

Dify, a popular low-code AI application development platform with over 142,000 stars on GitHub, was found to contain critical vulnerabilities that allowed a one-click account takeover. Imperva ...

ESET announced a $40 million AI cybersecurity investment to secure AI systems. ESET outlined OpenClaw risks, launched ESET Private, and entered network security. ESET has announced a $40 million ...

A 732-byte Python script has uncovered a significant vulnerability in the Linux kernel, affecting users worldwide. Explore the details of this exploit, its implications, and the urgent need for ...

Microsoft Threat Intelligence presents a comprehensive analysis of The Gentlemen, a Go-based ransomware deployed by ...

Supply chain chaos, old bugs, smarter phishing, and botnets everywhere — here’s what broke the internet this week.

Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...