North Korean hackers are targeting open source software developers with a backdoor and an information stealer as part of a ...
IBM and Red Hat launch Lightwell to defend open-source code from AI attacks ...
A newly-disclosed exploit in Claude Code’s ‘auto-mode’ leaves developers facing remote code execution (RCE) vulnerabilities ...
A working exploit for a Linux kernel flaw that has existed since 2011 is now publicly available, and any logged-in user can run it to gain full root control of an affected machine in roughly five ...
North Korea-linked hackers have upgraded the InvisibleFerret malware to bypass script-based security tools, converting its Python code into compiled modules that are harder for defenders to inspect ...
Microsoft has released security updates for a Defender vulnerability known as RoguePlanet, nearly a month after details of the flaw became public. The vulnerability, tracked as CVE-2026-50656 (CVSS ...
A China-linked threat cluster has been exploiting vulnerable Roundcube servers at U.S. and Canadian universities to steal ...
Slopsquatting represents an emerging supply chain threat made possible by AI hallucinations. As developers increasingly rely ...
Malicious jscrambler 8.14.0 runs hidden binaries during npm install on Windows, macOS, and Linux, with no fix available as of ...
Socket found a compromised Injective npm package stealing wallet keys amid rising crypto supply chain attacks.
Cybersecurity researchers at ESET identify big rise in suspicious and malicious toolsets which put users at risk from ...
An exposed WP-SHELLSTORM server revealed tools, logs, cloud credentials, and thousands of webshells used in a large website ...