Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...

VS Code extensions since Dec 21, 2025 fuel GlassWorm v2, installing cross-IDE malware and stealing credentials.

The China-linked APT GopherWhisper has been using legitimate services and various Go-based backdoors in attacks.

Personal AI agents are exploding in popularity, but nearly all of them still route intelligence through cloud APIs. Your "personal" AI continues to depend on someone else's server. At the same time, ...

The real leap in Anthropic's and OpenAI's latest cyber-capable models isn't that they can hack in entirely new ways, but that ...

Monday cybersecurity recap on evolving threats, trusted tool abuse, stealthy in-memory attacks, and shifting access patterns.

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...

Malwarebytes recently uncovered a new malicious campaign targeting the Windows Update service. Focused on French-speaking users, the campaign uses layered obfuscation techniques to deliver multiple ...

Axios, a widely used JavaScript library, is affected by a new critical vulnerability that enables attackers to chain exploits ...

The 2024 XZ incident illustrates how open-source software (OSS) has become strategic infrastructure in the global economy, opening up new strategic vulnerabilities and new pathways to geopolitical ...

The leak online of exploit code for an apparent Windows zero-day flaw dubbed "BlueHammer" could be the sign of a larger issue that security researchers face when collaborating with Microsoft on ...