An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

CVE-2026-5760 (CVSS 9.8) exposes SGLang via /v1/rerank endpoint, enabling RCE through malicious GGUF models, risking server ...

Anthropic fixed a significant vulnerability in Claude Code's handling of memories, but experts caution that memory files will ...

This was not a case of stolen credentials, but rather of vulnerability exploitation.

A new report from ReversingLabs identified a new tactic by North Korean hackers: feeding malicious code to the AI systems ...

A single unauthenticated connection gives attackers a full shell; credential theft observed in under three minutes on honeypot servers.

Malicious npm packages have been identified distributing malware that steals credentials and attempts to spread across ...

Scammers built a convincing fake Windows update site that installs password-stealing malware. Learn how the multi-stage ...

CVE-2026-5752 CVSS 9.3 flaw in Terrarium enables root code execution via Pyodide prototype traversal, risking container ...

UNC6692 relies on email bombing and social engineering to infect victims with Snow malware: Snowbelt, Snowglaze, and ...

Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as ...