Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.

OpenAI confirms a severe 2026 supply chain attack compromised internal repositories. Discover how this TanStack security ...

Ghostwriter used Prometheus lures since spring 2026 to target Ukraine agencies, enabling malware delivery and data theft.

Solidity remains the dominant smart contract language for Ethereum and EVM-compatible chains, with the 2025 developer survey collecting responses from developers across eighty-seven different ...

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...

India's software supply chain security challenge is deepening as AI expands the attack surface while many enterprises lack ...

Massive scale attack The "Megalodon" campaign compromised over 5,000 GitHub repositories in 6 hours by weaponizing automated GitHub Actions workflows that execute when developers push code or merge ...

Reported over three years ago and allegedly still not properly fixed, the vulnerability enables attacks to execute JavaScript ...

An arson attack on Ebola treatment tents at a Congolese hospital is the latest sign of mounting frustration and anger at the ...

Google has accidentally leaked details about an unfixed issue in Chromium that keeps JavaScript running in the background ...

Aussie victims are being tricked into giving malicious actors access to their Microsoft 365 environments with the help of AI ...

The disguised apps use WebView automation, JavaScript injection, and OTP interception to avoid detection and complete fraudulent subscriptions.