ZiChatBot malware spread via 3 PyPI packages in July 2025 uses Zulip APIs as C2, enabling stealthy attacks across systems ...

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.

Supply chain theft is no longer just criminal groups operating locally, but transnational cybercriminal syndicates exploiting ...

Be honest with me. How many of your passwords are still some version of your pet’s name followed by a number? Studies have shown that roughly 80% of data breaches involve weak or reused passwords.

After the CopyFail vulnerability gave root access from any user on almost all distributions last week, this week we’ve got DirtyFrag. This chains the vulnerability in CopyFail (xfrm-ESP) and ...

As the war with Iran continues, breach attempts targeting the United Arab Emirates tripled in a few weeks — many targeting ...

On April 30, two releases of one of the most popular machine learning libraries on the Python Package Index were caught ...

In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...

A malicious Hugging Face repository that reached the platform's trending list impersonated OpenAI's "Privacy Filter" project ...

Critical cPanel flaw under attack, Copy Fail Linux privilege escalation, TeamPCP supply chain campaign, GitHub RCE & major ...