Security researchers report a sharp rise in malicious open-source packages in 2026, with npm registry threats already surpassing 2024 totals. A new benchmark study found that popular detection tools ...

U.S. cybersecurity agency CISA says the CopyFail bug is being actively used in hacking campaigns, and poses a major risk to servers and datacenters that rely on Linux.

Trellix says a part of its source code repository was recently breached, but shared little other information about the ...

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a ...

In the first five months of 2026, security researchers have flagged more malicious packages on the npm registry than in all ...

Cybersecurity firm Trellix disclosed a data breach after attackers gained access to "a portion" of its source code repository ...

Critical cPanel flaw under attack, Copy Fail Linux privilege escalation, TeamPCP supply chain campaign, GitHub RCE & major ...

Ethereum lost 17.91% of its TVL in the past 30 days after the Kelp DAO exploit. Every chain in the top 20 except Tron recorded negative monthly TVL changes. Mantle suffered the worst losses at 52.01% ...

Monday cybersecurity recap on evolving threats, trusted tool abuse, stealthy in-memory attacks, and shifting access patterns.

Compromised Context.ai integration let attackers inherit Vercel employee access and reach internal systems, exposing a limited set of customer credentials. Frontend cloud platform Vercel, the creator ...

The cryptocurrency industry is facing a severe security crisis. In just under 20 days, digital asset platforms have lost more than $605 million to cyberattacks. The latest and most devastating ...

The contagion from the Kelp exploit could have been contained, but at the cost of capital efficiency, according to the founder of Curve Finance. The exploit of the Kelp liquid restaking protocol shows ...