Every time a developer types npm install, they are placing a bet that the package they are pulling into their project is not ...

Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments, with the window for attacks shrinking from weeks to just days.

CVE-2026-5752 CVSS 9.3 flaw in Terrarium enables root code execution via Pyodide prototype traversal, risking container ...

A new report from ReversingLabs identified a new tactic by North Korean hackers: feeding malicious code to the AI systems ...

Hackers linked to North Korea compromised the widely used Axios npm package by tricking a maintainer into installing malware disguised as a Microsoft Teams error fix, turning one of the most popular ...

The threat actor seeding the Open VSX code marketplace with fraudulent extensions that download the GlassWorm malware has ...

There are sound reasons for optimism that European governments can reduce their military reliance: defense spending is rising, particularly in countries in northern and eastern Europe, and Europe is ...

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...

Google's Threat Intelligence Group (GTIG) has a new report out about a powerful iOS exploit kit called "Coruna," which traveled from a surveillance vendor's customer to a Russian espionage group to ...

Monday cybersecurity recap on evolving threats, trusted tool abuse, stealthy in-memory attacks, and shifting access patterns.

A vulnerability in Qualcomm’s Android Bootloader implementation allows unsigned code to run via the “efisp” partition on Android 16 devices. This is paired with a “fastboot” command oversight to ...