North Korea-linked hackers have upgraded the InvisibleFerret malware to bypass script-based security tools, converting its Python code into compiled modules that are harder for defenders to inspect ...

Google prevents first known instance of 2FA cyber attack where hackers used AI-developed zero-day exploit; Know how to stay ...

GitHub hack exposed 3,800 internal repos through a poisoned VS Code extension, raising new concerns over developer supply ...

Solidity remains the dominant smart contract language for Ethereum and EVM-compatible chains, with the 2025 developer survey collecting responses from developers across eighty-seven different ...

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

Supply chain attacks with a Dune sci-fi saga branding continue to spread across the open-source ecosystem, with a Microsoft ...

Composer 2.5 is Cursor's third-generation proprietary coding agent, available exclusively inside the Cursor IDE and through the @cursor/sdk — not as a general API. Like its predecessor, it is built on ...

GitHub has confirmed that hackers breached internal repositories through a poisoned VS Code extension after stolen source ...

GitHub is investigating an alleged breach after TeamPCP claimed access to nearly 4,000 private repositories, though no impact ...

A threat actor targeting Microsoft 365 and Azure production environments is stealing data in attacks that abuse legitimate ...

Microsoft flagged a Mistral AI hack as a supply-chain attack that hid malware in a fake AI library on PyPI. Here's what ...