Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

SVG phishing email attacks are bypassing enterprise email security gateways by hiding JavaScript inside image files and ...

AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.

SideCopy targeted Afghanistan's Finance Ministry with Xeno RAT via Pashto phishing lures, enabling espionage and system ...

Discover the hidden gem of media players that power users have been quietly enjoying for years, and find out why it's time to ...

Vercel has released Next.js 16.2, featuring performance enhancements that make development startup 400% faster and rendering ...

A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. The malware targets 86 environment variables (key-value pairs) and ...

The method, known as FROST – short for "fingerprinting remotely using OPFS-based SSD timing" – focuses on how different processes compete for storage access. That competition ...

Ubiquiti released a new security bulletin detailing fixes for six security issues, including one rated 9.1 (critical) and one scoring a perfect 10.0 on the CVE risk scale. The vulnerabilities ...

Lazarus Group has deployed RemotePE, a fully memory-resident trojan that is extremely hard for traditional antivirus and forensic tools to detect.

Miasma compromised 32 Red Hat packages June 1 via a hijacked CI/CD pipeline producing valid SLSA attestations, then hit 57 more June 3 using Phantom Gyp to evade install monitors. Red Hat confirmed no ...