The China-linked APT GopherWhisper has been using legitimate services and various Go-based backdoors in attacks.

CVE-2026-33626 exploited within 13 hours of disclosure, enabling SSRF-based cloud credential theft and internal scanning.

Attackers published a malicious command-line version of the popular open-source password manager to the npm registry and may ...

Monday cybersecurity recap on evolving threats, trusted tool abuse, stealthy in-memory attacks, and shifting access patterns.

Malwarebytes recently uncovered a new malicious campaign targeting the Windows Update service. Focused on French-speaking users, the campaign uses layered obfuscation techniques to deliver multiple ...

Axios, a widely used JavaScript library, is affected by a new critical vulnerability that enables attackers to chain exploits ...

A Grafana AI flaw enables zero-click data exfiltration by hiding malicious prompts in URLs, said a Noma Security report.

The 2024 XZ incident illustrates how open-source software (OSS) has become strategic infrastructure in the global economy, ...

Spread the loveIn a chilling reminder of the vulnerabilities inherent in open source software, two significant supply chain attacks occurred in March 2026, targeting widely used tools that affect a ...

Hackers linked to North Korea compromised the widely used Axios npm package by tricking a maintainer into installing malware disguised as a Microsoft Teams error fix, turning one of the most popular ...

We believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. However, this potential compensation never ...

Add Decrypt as your preferred source to see more of our stories on Google. The team behind Drift, a Solana-based decentralized exchange, signaled on Friday that it wants to negotiate with hackers ...