Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...

A new report from ReversingLabs identified a new tactic by North Korean hackers: feeding malicious code to the AI systems ...

IntroductionOn March 12, 2026, Zscaler ThreatLabz discovered a malicious ZIP archive containing military-themed document lures targeting Chinese-speaking individuals. Our analysis of this sample ...

The Cybersecurity and Infrastructure Security Agency (CISA) is warning anyone who uses GrassMarlin, a tool developed by the National Security Agency (NSA), about a new vulnerability that attackers can ...

This was not a case of stolen credentials, but rather of vulnerability exploitation.

The April update suppresses Copilot completions while IntelliSense is active, addressing a long-running editor conflict.

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.

A growing range of native macOS features are being repurposed by attackers to execute code, move laterally and evade ...

GitHub used as C2, new Cloudflare exfiltration domain found, linked to April 22 Checkmarx KICS compromise via Dependabot.

Gemma 4 made local LLMs feel practical, private, and finally useful on everyday hardware.

Three popular AI agents on GitHub Actions are vulnerable to so-called "Comment and Control" attacks. These are Claude Code Security Review, Google Gemini ...

April 27th 2026: We added new Steal The Brainrot codes. If you've played another astoundingly popular Brainrot game bearing a similar title, you'll probably feel right at home playing Fortnite creator ...