Security researchers report a sharp rise in malicious open-source packages in 2026, with npm registry threats already surpassing 2024 totals. A new benchmark study found that popular detection tools ...

In the first five months of 2026, security researchers have flagged more malicious packages on the npm registry than in all ...

CVE-2026-5752 CVSS 9.3 flaw in Terrarium enables root code execution via Pyodide prototype traversal, risking container ...

A new report from ReversingLabs identified a new tactic by North Korean hackers: feeding malicious code to the AI systems ...

The threat actor seeding the Open VSX code marketplace with fraudulent extensions that download the GlassWorm malware has ...

There are sound reasons for optimism that European governments can reduce their military reliance: defense spending is rising, particularly in countries in northern and eastern Europe, and Europe is ...

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a ...

Critical cPanel flaw under attack, Copy Fail Linux privilege escalation, TeamPCP supply chain campaign, GitHub RCE & major ...

The contagion from the Kelp exploit could have been contained, but at the cost of capital efficiency, according to the founder of Curve Finance. The exploit of the Kelp liquid restaking protocol shows ...

Anthropic's Mythos model promises major innovations in vulnerability management and security red-teaming, but questions remain regarding how defenders can keep threat actors from taking full advantage ...

Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions. Dubbed ...